threatvector.cylance.com Open in urlscan Pro
34.208.39.20 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Submission: On February 12 via api (February 12th 2020, 3:16:53 pm UTC) from US

Summary HTTP 100 Redirects Links 26 Behaviour Indicators

Summary

This website contacted 28 IPs in 8 countries across 28 domains to perform 100 HTTP transactions. The main IP is 34.208.39.20, located in Boardman, United States and belongs to AMAZON-02, US. The main domain is threatvector.cylance.com.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on June 12th 2019. Valid for: a year.

This is the only time threatvector.cylance.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
29	34.208.39.20 34.208.39.20	16509 (AMAZON-02) (AMAZON-02)
11	23.210.248.45 23.210.248.45	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:4001:81e::200a	15169 (GOOGLE) (GOOGLE)
5	104.16.95.80 104.16.95.80	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	151.139.237.11 151.139.237.11	33438 (HIGHWINDS2) (HIGHWINDS2)
11	2a02:26f0:10c... 2a02:26f0:10c:387::9b6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	2a00:1450:400... 2a00:1450:4001:815::2003	15169 (GOOGLE) (GOOGLE)
2	52.50.184.22 52.50.184.22	16509 (AMAZON-02) (AMAZON-02)
1 2	2a00:1450:400... 2a00:1450:4001:80b::200e	15169 (GOOGLE) (GOOGLE)
2	95.101.176.176 95.101.176.176	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:4001:809::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:821::200e	15169 (GOOGLE) (GOOGLE)
2	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
5	93.184.220.178 93.184.220.178	15133 (EDGECAST) (EDGECAST)
1	54.154.151.160 54.154.151.160	16509 (AMAZON-02) (AMAZON-02)
1 1	66.117.28.86 66.117.28.86	15224 (OMNITURE) (OMNITURE)
1	192.28.147.68 192.28.147.68	53580 (MARKETO) (MARKETO)
1	2a02:26f0:10c... 2a02:26f0:10c:39e::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	172.217.16.194 172.217.16.194	15169 (GOOGLE) (GOOGLE)
1	143.204.94.127 143.204.94.127	16509 (AMAZON-02) (AMAZON-02)
1 2	2a05:f500:11:... 2a05:f500:11:101::b93f:9005	14413 (LINKEDIN) (LINKEDIN)
1 1	2a05:f500:10:... 2a05:f500:10:101::b93f:9101	14413 (LINKEDIN) (LINKEDIN)
2	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
1 3	2a00:1450:400... 2a00:1450:4001:820::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:820::2003	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:400c:c00::9c	15169 (GOOGLE) (GOOGLE)
1	13.224.196.104 13.224.196.104	16509 (AMAZON-02) (AMAZON-02)
2 2	52.49.193.31 52.49.193.31	16509 (AMAZON-02) (AMAZON-02)
1 2	13.224.196.24 13.224.196.24	16509 (AMAZON-02) (AMAZON-02)
1	15.188.105.205 15.188.105.205	16509 (AMAZON-02) (AMAZON-02)
1 5	23.210.248.216 23.210.248.216	16625 (AKAMAI-AS) (AKAMAI-AS)
1 3	52.214.49.237 52.214.49.237	16509 (AMAZON-02) (AMAZON-02)
100	28

29 34.208.39.20 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-208-39-20.us-west-2.compute.amazonaws.com

threatvector.cylance.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 23.210.248.45 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-248-45.deploy.static.akamaitechnologies.com

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.16.95.80 (United States)

ASN13335 (CLOUDFLARENET, US)

app-sj16.marketo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.139.237.11 (Dallas, United States)

ASN33438 (HIGHWINDS2, US)

cdn.rawgit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a02:26f0:10c:387::9b6 (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

s7d2.scene7.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:815::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.50.184.22 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-50-184-22.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 95.101.176.176 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a95-101-176-176.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:821::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 93.184.220.178 (London, United Kingdom)

ASN15133 (EDGECAST, US)

cdn.bizible.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.154.151.160 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-154-151-160.eu-west-1.compute.amazonaws.com

cylance.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.117.28.86 (United States) 1 redirects

ASN15224 (OMNITURE, US)

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.147.68 (United States)

ASN53580 (MARKETO, US)

524-dom-989.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:10c:39e::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.16.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.94.127 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-94-127.fra50.r.cloudfront.net

tag.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:f500:11:101::b93f:9005 (Ireland) 1 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:f500:10:101::b93f:9101 (Ireland) 1 redirects

ASN14413 (LINKEDIN, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:820::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:820::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9c (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.196.104 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-196-104.fra2.r.cloudfront.net

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.49.193.31 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-193-31.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.224.196.24 (Seattle, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-224-196-24.fra2.r.cloudfront.net

segments.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.188.105.205 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-188-105-205.eu-west-3.compute.amazonaws.com

cylance.sc.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.210.248.216 (Netherlands) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-248-216.deploy.static.akamaitechnologies.com

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.214.49.237 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-214-49-237.eu-west-1.compute.amazonaws.com

d.adroll.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
29	cylance.com threatvector.cylance.com	465 KB
11	scene7.com s7d2.scene7.com	1008 KB
11	adobedtm.com assets.adobedtm.com	65 KB
7	adroll.com 1 redirects s.adroll.com d.adroll.com	47 KB
5	bizible.com cdn.bizible.com	34 KB
5	marketo.com app-sj16.marketo.com	63 KB
4	gstatic.com fonts.gstatic.com	49 KB
3	company-target.com 1 redirects api.company-target.com segments.company-target.com	2 KB
3	google.de www.google.de	329 B
3	google.com 1 redirects www.google.com	401 B
3	doubleclick.net 1 redirects googleads.g.doubleclick.net stats.g.doubleclick.net	3 KB
3	linkedin.com 2 redirects px.ads.linkedin.com www.linkedin.com	3 KB
3	demdex.net dpm.demdex.net cylance.demdex.net	2 KB
2	bidr.io 2 redirects match.prod.bidr.io	1019 B
2	googleadservices.com www.googleadservices.com	20 KB
2	bing.com bat.bing.com	8 KB
2	marketo.net munchkin.marketo.net	6 KB
2	google-analytics.com 1 redirects www.google-analytics.com	18 KB
2	rawgit.com cdn.rawgit.com	5 KB
1	consensu.org 1 redirects d.adroll.mgr.consensu.org	137 B
1	omtrdc.net cylance.sc.omtrdc.net	395 B
1	demandbase.com tag.demandbase.com	15 KB
1	licdn.com snap.licdn.com	2 KB
1	mktoresp.com 524-dom-989.mktoresp.com	303 B
1	everesttech.net 1 redirects cm.everesttech.net	554 B
1	ytimg.com s.ytimg.com	10 KB
1	youtube.com www.youtube.com	931 B
1	googleapis.com fonts.googleapis.com	633 B
100	28

	Domain	Requested by
29	threatvector.cylance.com	threatvector.cylance.com
11	s7d2.scene7.com	threatvector.cylance.com
11	assets.adobedtm.com	threatvector.cylance.com
5	s.adroll.com	1 redirects threatvector.cylance.com
5	cdn.bizible.com	threatvector.cylance.com cdn.bizible.com
5	app-sj16.marketo.com	threatvector.cylance.com app-sj16.marketo.com
4	fonts.gstatic.com	app-sj16.marketo.com threatvector.cylance.com
3	www.google.de	threatvector.cylance.com
3	www.google.com	1 redirects threatvector.cylance.com
2	d.adroll.com
2	segments.company-target.com	1 redirects threatvector.cylance.com
2	match.prod.bidr.io	2 redirects
2	googleads.g.doubleclick.net	threatvector.cylance.com
2	px.ads.linkedin.com	1 redirects threatvector.cylance.com
2	www.googleadservices.com	threatvector.cylance.com assets.adobedtm.com
2	bat.bing.com	threatvector.cylance.com
2	munchkin.marketo.net	threatvector.cylance.com munchkin.marketo.net
2	www.google-analytics.com	1 redirects threatvector.cylance.com
2	dpm.demdex.net	threatvector.cylance.com
2	cdn.rawgit.com	threatvector.cylance.com
1	d.adroll.mgr.consensu.org	1 redirects
1	cylance.sc.omtrdc.net	threatvector.cylance.com
1	api.company-target.com	threatvector.cylance.com
1	stats.g.doubleclick.net	1 redirects
1	www.linkedin.com	1 redirects
1	tag.demandbase.com	threatvector.cylance.com
1	snap.licdn.com	threatvector.cylance.com
1	524-dom-989.mktoresp.com	threatvector.cylance.com
1	cm.everesttech.net	1 redirects
1	cylance.demdex.net	threatvector.cylance.com
1	s.ytimg.com	www.youtube.com
1	www.youtube.com	threatvector.cylance.com
1	fonts.googleapis.com	threatvector.cylance.com
100	33

This site contains links to these domains. Also see Links.

Domain
www.cylance.com
www.alex-ionescu.com
securelist.com
cylance.com
attack.mitre.org
shop.cylance.com

Subject Issuer	Validity	Valid
*.cylance.com DigiCert SHA2 Secure Server CA	`2019-06-12` - `2020-09-18`	a year	crt.sh
assets.adobedtm.com DigiCert SHA2 High Assurance Server CA	`2019-10-22` - `2021-10-01`	2 years	crt.sh
*.storage.googleapis.com GTS CA 1O1	`2020-01-21` - `2020-04-14`	3 months	crt.sh
app-sj16.marketo.com CloudFlare Inc ECC CA-2	`2020-01-22` - `2020-10-09`	9 months	crt.sh
rawgit.com Sectigo RSA Domain Validation Secure Server CA	`2020-01-03` - `2022-01-12`	2 years	crt.sh
*.scene7.com DigiCert SHA2 Secure Server CA	`2020-01-02` - `2021-04-02`	a year	crt.sh
*.google.com GTS CA 1O1	`2020-01-21` - `2020-04-14`	3 months	crt.sh
*.demdex.net DigiCert SHA2 High Assurance Server CA	`2018-01-09` - `2021-02-12`	3 years	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-01-21` - `2020-04-14`	3 months	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2018-12-24` - `2020-03-24`	a year	crt.sh
www.bing.com Microsoft IT TLS CA 2	`2019-04-30` - `2021-04-30`	2 years	crt.sh
cdn.bizible.com Go Daddy Secure Certificate Authority - G2	`2019-03-14` - `2021-04-13`	2 years	crt.sh
*.mktoresp.com DigiCert SHA2 Secure Server CA	`2020-01-17` - `2022-01-21`	2 years	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
www.googleadservices.com GTS CA 1O1	`2020-01-21` - `2020-04-14`	3 months	crt.sh
*.demandbase.com Go Daddy Secure Certificate Authority - G2	`2018-09-20` - `2020-11-19`	2 years	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2019-05-29` - `2021-06-29`	2 years	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-01-29` - `2020-04-22`	3 months	crt.sh
www.google.com GTS CA 1O1	`2020-01-21` - `2020-04-14`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-01-21` - `2020-04-14`	3 months	crt.sh
*.company-target.com Go Daddy Secure Certificate Authority - G2	`2019-06-19` - `2021-08-18`	2 years	crt.sh
*.sc.omtrdc.net DigiCert SHA2 High Assurance Server CA	`2019-04-23` - `2020-04-14`	a year	crt.sh
*.adroll.com DigiCert SHA2 Secure Server CA	`2020-01-29` - `2021-04-29`	a year	crt.sh
adroll.mgr.consensu.org Amazon	`2019-11-06` - `2020-12-06`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Frame ID: 19CE58EC2223A5A11417B01C47A65F3D
Requests: 98 HTTP requests in this frame

Frame: https://cylance.demdex.net/dest5.html?d_nsid=0
Frame ID: C92748689CEBB48849B508E88D50BAAD
Requests: 1 HTTP requests in this frame

Frame: https://app-sj16.marketo.com/index.php/form/XDFrame
Frame ID: 382DBAD8A7F8E82B3185D23D7B5574B4
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Adobe Experience Manager (CMS) Expand

Overall confidence: 100%
Detected patterns

script /\/etc.clientlibs\//i

Java (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

script /\/etc.clientlibs\//i

ZURB Foundation (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+foundation[^>"]+css/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /(?:a|s)\.adroll\.com/i

Adobe DTM (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

script /\/\/assets.adobedtm.com\//i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

script /munchkin\.marketo\.net\/munchkin\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

100
Requests

100 %
HTTPS

44 %
IPv6

28
Domains

33
Subdomains

28
IPs

8
Countries

1822 kB
Transfer

3745 kB
Size

22
Cookies

26 Outgoing links

These are links going to different origins than the main page.

URL: https://www.cylance.com/en-us/company/about-us/privacy-notice.html
Title: Read More

Search URL Search Domain Scan URL

URL: https://www.cylance.com/
Title: Cylance.com

Search URL Search Domain Scan URL

URL: http://www.alex-ionescu.com/?p=300
Title: Heaven's Gate

Search URL Search Domain Scan URL

URL: https://securelist.com/cve-2018-8453-used-in-targeted-attacks/88151/
Title: Kaspersky

Search URL Search Domain Scan URL

URL: http://cylance.com/en-us/platform/products/index.html
Title: BlackBerry Cylance

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1190/
Title: T1190

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1133/
Title: T1133

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1199/
Title: T1199

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1059/
Title: T1059

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1106/
Title: T1106

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1068/
Title: T1068

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1089/
Title: T1089

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1486/
Title: T1486

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1490/
Title: T1490

Search URL Search Domain Scan URL

URL: https://www.cylance.com/en_us/privacy-policy.html
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.cylance.com/en-us/company/about-us/index.html
Title: Who We Are

Search URL Search Domain Scan URL

URL: https://www.cylance.com/en-us/resources/knowledge-center/index.html
Title: Resource Center

Search URL Search Domain Scan URL

URL: https://www.cylance.com/en-us/company/news-and-press/news.html
Title: Cylance News

Search URL Search Domain Scan URL

URL: https://www.cylance.com/en-us/company/news-and-press/press-releases.html
Title: Press Releases

Search URL Search Domain Scan URL

URL: https://www.cylance.com/en-us/company/about-us/terms-of-service.html
Title: Terms of Service

Search URL Search Domain Scan URL

URL: https://www.cylance.com/en-us/platform/products/index.html
Title: CylancePROTECT

Search URL Search Domain Scan URL

URL: https://www.cylance.com/en_us/products/our-products/optics.html
Title: CylanceOPTICS

Search URL Search Domain Scan URL

URL: https://www.cylance.com/en-us/platform/products/cylance-threatzero.html
Title: Cylance ThreatZERO

Search URL Search Domain Scan URL

URL: https://shop.cylance.com/us
Title: Cylance Smart Antivirus

Search URL Search Domain Scan URL

URL: https://www.cylance.com/en_us/services/left-structure-nav/overview/consulting.html
Title: Consulting Overview

Search URL Search Domain Scan URL

URL: https://www.cylance.com/en-us/solutions/industry/index.html
Title: Industry Overview

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 63

https://cm.everesttech.net/cm/dd?d_uuid=08489483512835779871200170568978858490 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=XkQW1AAAAcoPVRTJ

Request Chain 69

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=37262&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&time=1581520596560 HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D37262%26url%3Dhttps%253A%252F%252Fthreatvector.cylance.com%252Fen_us%252Fhome%252Fthreat-spotlight-sodinokibi-ransomware.html%26time%3D1581520596560%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=37262&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&time=1581520596560&liSync=true

Request Chain 78

https://www.google-analytics.com/r/collect?v=1&_v=j81&a=1720731396&t=pageview&_s=1&dl=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&ul=en-us&de=UTF-8&dt=Threat%20Spotlight%3A%20Sodinokibi%20Ransomware&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=KEBAAAAB~&jid=199307055&gjid=609300007&cid=1945308204.1581520596&tid=UA-33464378-1&_gid=386823888.1581520596&_r=1&z=1878055687 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-33464378-1&cid=1945308204.1581520596&jid=199307055&_gid=386823888.1581520596&gjid=609300007&_v=j81&z=1878055687 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33464378-1&cid=1945308204.1581520596&jid=199307055&_v=j81&z=1878055687 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33464378-1&cid=1945308204.1581520596&jid=199307055&_v=j81&z=1878055687&slf_rd=1&random=1690793247

Request Chain 80

https://match.prod.bidr.io/cookie-sync/demandbase HTTP 303
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 HTTP 303
https://segments.company-target.com/log?vendor=choca&user_id=AAJnMk68iC4AAF1MKbi3oQ HTTP 303
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAJnMk68iC4AAF1MKbi3oQ&verifyHash=f6677fd69a9cb564d6379b192ad065660c483cb0

Request Chain 94

https://s.adroll.com/j/exp/OU3SUNRJWBHPTCY5X23OHE/index.js HTTP 302
https://s.adroll.com/j/exp/index.js

Request Chain 96

https://d.adroll.mgr.consensu.org/consent/iabcheck/OU3SUNRJWBHPTCY5X23OHE?_s=9dd47665e9140f72804e2b43690a7536&_b=2 HTTP 302
https://d.adroll.com/consent/check/OU3SUNRJWBHPTCY5X23OHE/?_s=9dd47665e9140f72804e2b43690a7536&_b=2

100 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set threat-spotlight-sodinokibi-ransomware.html Show response
threatvector.cylance.com/en_us/home/ 121 KB
27 KB 1001ms
375ms Document
text/html 34.208.39.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.208.39.20 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-208-39-20.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

a3f8be75fca2b55f10570fa548c0ba00c5fe41b3f9de013e32b8e382bcb25b92

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: threatvector.cylance.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: document
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: document

Response headers

Accept-Ranges: bytes
Cache-control: no-cache="set-cookie"
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Type: text/html;charset=utf-8
Date: Wed, 12 Feb 2020 15:16:34 GMT
ETag: "1e418-59e542b63190e-gzip"
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Last-Modified: Tue, 11 Feb 2020 22:13:45 GMT
Referrer-Policy: no-referrer-when-downgrade
Server: Apache
Set-Cookie: AWSELB=4D0BDD9F0A163D48ECFEF400CB706ACF82CD0195C8D5AF0B639C0FF52381F196F79B59DABDA65005DB13B5CC961C67EC4A82E113711D6D70A536F9B759B0F5D706ABCD580A;PATH=/;MAX-AGE=900 AWSELBCORS=4D0BDD9F0A163D48ECFEF400CB706ACF82CD0195C8D5AF0B639C0FF52381F196F79B59DABDA65005DB13B5CC961C67EC4A82E113711D6D70A536F9B759B0F5D706ABCD580A;PATH=/;MAX-AGE=900;SECURE;SAMESITE=None
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Vary: Accept-Encoding,User-Agent
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 26802
Connection: keep-alive

GET
H/1.1 200
OK main.731db1757391070f3ea2ead82acaf408.css
threatvector.cylance.com/etc.clientlibs/foundation/clientlibs/ 12 KB
3 KB 195ms
193ms Stylesheet
text/css 34.208.39.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc.clientlibs/foundation/clientlibs/main.731db1757391070f3ea2ead82acaf408.css

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.208.39.20 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-208-39-20.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

d4e42e78d5938248bc7eeac03bfacee8cd2a392daa3885637a7899ca4fb30e3c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "2eda-591e577dc0700-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 2403
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 12 Feb 2020 15:16:35 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/css;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK jquery.5e8d3382f82b03b0bf3fea3024eecd61.js Show response
threatvector.cylance.com/etc.clientlibs/clientlibs/granite/ 288 KB
87 KB 736ms
367ms Script
application/javascript 34.208.39.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery.5e8d3382f82b03b0bf3fea3024eecd61.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.208.39.20 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-208-39-20.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

45e2f85e3aab6c36988703f5cc06444289bb795a25736b74975073c98de18498

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "47f04-591e577eb4940-gzip"
transfer-encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:09 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 12 Feb 2020 15:16:35 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK utils.7a49486e1c734bd5d7fd0c1c68c83d9b.js Show response
threatvector.cylance.com/etc.clientlibs/clientlibs/granite/ 47 KB
11 KB 571ms
199ms Script
application/javascript 34.208.39.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/utils.7a49486e1c734bd5d7fd0c1c68c83d9b.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.208.39.20 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-208-39-20.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

e35896fcd15b2238b1b5e2d4fbbd2b287f57dbbded51ab1a2217c38ce6a51d2f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "bcc7-591e577eb4940-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 10676
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:09 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 12 Feb 2020 15:16:35 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK granite.ed0d934d509c9dab702088c125c92b4f.js Show response
threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/ 10 KB
4 KB 568ms
189ms Script
application/javascript 34.208.39.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.208.39.20 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-208-39-20.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

fe7b1fa106b52fd3b7a72421171503eee8ec0c911d495be3ce168f76ed7cc8b1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "28d6-591e577eb4940-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 2974
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:09 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 12 Feb 2020 15:16:35 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK jquery.26df26a88f9f71ceabb6a15e7cb9c550.js Show response
threatvector.cylance.com/etc.clientlibs/foundation/clientlibs/ 471 B
1 KB 585ms
191ms Script
application/javascript 34.208.39.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc.clientlibs/foundation/clientlibs/jquery.26df26a88f9f71ceabb6a15e7cb9c550.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.208.39.20 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-208-39-20.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

2afa0193eebc6dcba6256c02ba126cd809b278a8c271ba1344af1d54520fb173

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "1d7-591e577eb4940-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 316
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:09 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 12 Feb 2020 15:16:35 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK shared.06a50b23d97647c86982b7801a20508a.js Show response
threatvector.cylance.com/etc.clientlibs/foundation/clientlibs/ 98 KB
19 KB 906ms
357ms Script
application/javascript 34.208.39.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc.clientlibs/foundation/clientlibs/shared.06a50b23d97647c86982b7801a20508a.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.208.39.20 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-208-39-20.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

1cac386a226657759d39c04b26768f03915090f0f1a5b4e6ca815d7478228159

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "18868-591e577eb4940-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 18634
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:09 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 12 Feb 2020 15:16:35 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK main.e2198d73b3e90f0b787085da720eb46e.js Show response
threatvector.cylance.com/etc.clientlibs/foundation/clientlibs/ 22 KB
7 KB 758ms
189ms Script
application/javascript 34.208.39.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc.clientlibs/foundation/clientlibs/main.e2198d73b3e90f0b787085da720eb46e.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.208.39.20 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-208-39-20.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

f6281f4fc0c8b4cd0ecb0cf382c080d9e5f01b58c816d5f071969f3734465fc6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "5963-591e577eb4940-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 6275
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:09 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 12 Feb 2020 15:16:36 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK cylance-blogs.css
threatvector.cylance.com/etc/designs/ 0
780 B 392ms
197ms Stylesheet
text/css 34.208.39.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc/designs/cylance-blogs.css

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.208.39.20 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-208-39-20.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 18 Oct 2017 04:24:09 GMT
Server: Apache
Date: Wed, 12 Feb 2020 15:16:35 GMT
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: text/css;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Vary: User-Agent
Content-Length: 0
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK main.d6fc6f0b35c968dde40b02af38f21447.css
threatvector.cylance.com/etc/clientlibs/cylance-blogs/ 154 KB
26 KB 698ms
344ms Stylesheet
text/css 34.208.39.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.d6fc6f0b35c968dde40b02af38f21447.css

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.208.39.20 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-208-39-20.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

ce11c18967ab30115878af2f6c6dc88fce05dbda48df9cea5a7abf9fb311ef5f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "2685c-591e577eb4940-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 25287
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:09 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 12 Feb 2020 15:16:35 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/css;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK dependencies.d41d8cd98f00b204e9800998ecf8427e.css
threatvector.cylance.com/etc/clientlibs/cylance-blogs/ 0
798 B 548ms
182ms Stylesheet
text/css 34.208.39.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/dependencies.d41d8cd98f00b204e9800998ecf8427e.css

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.208.39.20 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-208-39-20.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
ETag: "0-591e577eb4940"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 0
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:09 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 12 Feb 2020 15:16:35 GMT
Vary: User-Agent
Content-Type: text/css;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H2 200 launch-EN9a198e584a4641e5a638d027ddddb3cf.min.js Show response
assets.adobedtm.com/ 149 KB
46 KB 73ms
22ms Script
application/x-javascript 23.210.248.45
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/launch-EN9a198e584a4641e5a638d027ddddb3cf.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.248.45 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-45.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7fbbeba68616ec3cd21955086a765a1c74d81b3f2772babba4f8f9719adb2d5c

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 12 Feb 2020 15:16:35 GMT
content-encoding: gzip
last-modified: Thu, 13 Jun 2019 21:17:25 GMT
server: Apache
etag: "5aebb26c4d05b067a5277a6a715dfbac:1560460645"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 46918
expires: Wed, 12 Feb 2020 16:16:35 GMT

GET
H2 200 css
fonts.googleapis.com/ 3 KB
633 B 17ms
16ms Stylesheet
text/css 2a00:1450:4001:81e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:200,300,400,600

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e85d93603219c7af97e29b183b6f22d04991b9b01c4a79ae824e62ea7aa809b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 12 Feb 2020 15:16:35 GMT
server: ESF
date: Wed, 12 Feb 2020 15:16:35 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 12 Feb 2020 15:16:35 GMT

GET
H2 200 forms2.min.js Show response
app-sj16.marketo.com/js/forms2/js/ 169 KB
58 KB 220ms
29ms Script
application/x-javascript 104.16.95.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-sj16.marketo.com/js/forms2/js/forms2.min.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.95.80 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f6e7e0830124ea580b3f0de0da80ba48a45d9df9d7c092af0f47c63ed0692578

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 12 Feb 2020 15:16:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Wed, 15 Jan 2020 18:37:37 GMT
server: cloudflare
age: 4819
etag: "2c046c-2a546-59c3200aa1e40"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: public, max-age=14400
cf-ray: 563f864a2d73c83f-AMS
expires: Wed, 12 Feb 2020 19:16:35 GMT

GET
H2 200 featherlight.min.css
cdn.rawgit.com/noelboss/featherlight/1.7.9/release/ 2 KB
1 KB 44ms
13ms Stylesheet
text/css 151.139.237.11
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.rawgit.com/noelboss/featherlight/1.7.9/release/featherlight.min.css

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.139.237.11 Dallas, United States, ASN33438 (HIGHWINDS2, US),

Reverse DNS

Software

NetDNA-cache/2.2 /

Resource Hash

96904bcac47ca5d98b664970580ea473e1e6a6b285c87e8cb3caa2f1928e7219

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Wed, 12 Feb 2020 15:16:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: NetDNA-cache/2.2
access-control-allow-origin: *
etag: W/"817cdef4a8ec3dc545361453f69e4209a3c4d809"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css;charset=utf-8
status: 200
cache-control: max-age=315569000, immutable
strict-transport-security: max-age=31536000; preload
x-robots-tag: none
rawgit-cache-status: HIT

GET
H2 200 fig3-sodinokibi-sml
s7d2.scene7.com/is/image/cylance/ 162 KB
163 KB 264ms
239ms Image
image/jpeg 2a02:26f0:10c:387::9b6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s7d2.scene7.com/is/image/cylance/fig3-sodinokibi-sml?&wid=1200&fit=constrain,1
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:387::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Unknown /
Resource Hash: 75795949ed66c0f8b5c0ef927cd3aff358f9aac175f6789fb6b15789127731a5

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 12 Feb 2020 15:16:35 GMT
last-modified: Wed, 03 Jul 2019 19:36:47 GMT
server: Unknown
access-control-allow-origin: *
etag: "2ceb9d334b44b60a0336119dba077d3a"
content-type: image/jpeg
status: 200
content-length: 166334
expires: Thu, 13 Feb 2020 01:16:35 GMT

GET
H2 200 fig12-sodinokibi
s7d2.scene7.com/is/image/cylance/ 205 KB
205 KB 220ms
218ms Image
image/jpeg 2a02:26f0:10c:387::9b6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s7d2.scene7.com/is/image/cylance/fig12-sodinokibi?&wid=1200&fit=constrain,1
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:387::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Unknown /
Resource Hash: ccea349d73237232bc08a12695a59a5f873dda2b2e404cb9c6f11d9dd5806c3e

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 12 Feb 2020 15:16:36 GMT
last-modified: Wed, 03 Jul 2019 19:44:09 GMT
server: Unknown
access-control-allow-origin: *
etag: "e245e6438e9a1811a77271b1883db4a9"
content-type: image/jpeg
status: 200
content-length: 209570
expires: Thu, 13 Feb 2020 01:16:36 GMT

GET
H2 200 fig18-sodinokibi
s7d2.scene7.com/is/image/cylance/ 10 KB
10 KB 49ms
47ms Image
image/jpeg 2a02:26f0:10c:387::9b6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s7d2.scene7.com/is/image/cylance/fig18-sodinokibi?&wid=364&fit=constrain,1
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:387::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Unknown /
Resource Hash: be8cca389c01246f49f19f6ac92da85c6627a35fd93c9939bcfc31639bdcc1a1

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 12 Feb 2020 15:16:36 GMT
last-modified: Wed, 03 Jul 2019 19:46:32 GMT
server: Unknown
access-control-allow-origin: *
etag: "895ac0d8b5b287f1b75b22e06f2dec9b"
content-type: image/jpeg
status: 200
content-length: 10187
expires: Thu, 13 Feb 2020 00:05:31 GMT

GET
H2 200 fig21-sodinokibi-sml
s7d2.scene7.com/is/image/cylance/ 126 KB
126 KB 177ms
175ms Image
image/jpeg 2a02:26f0:10c:387::9b6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s7d2.scene7.com/is/image/cylance/fig21-sodinokibi-sml?&wid=1200&fit=constrain,1
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:387::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Unknown /
Resource Hash: f15d14a948d5d97372a945a80c61612fe768a1c1e19de1f9067c4cabff78becd

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 12 Feb 2020 15:16:36 GMT
last-modified: Wed, 03 Jul 2019 19:51:52 GMT
server: Unknown
access-control-allow-origin: *
etag: "fe9de96ae992ee67c903371c595ab410"
content-type: image/jpeg
status: 200
content-length: 128901
expires: Thu, 13 Feb 2020 00:05:31 GMT

GET
H2 200 fig23-sodinokibi
s7d2.scene7.com/is/image/cylance/ 56 KB
57 KB 567ms
565ms Image
image/jpeg 2a02:26f0:10c:387::9b6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s7d2.scene7.com/is/image/cylance/fig23-sodinokibi?&wid=1021&fit=constrain,1
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:387::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Unknown /
Resource Hash: 23724b86dbc7b32cc5d06808497eea737be1a796b2216500227d6eff4538a2f5

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 12 Feb 2020 15:16:36 GMT
last-modified: Wed, 03 Jul 2019 19:56:20 GMT
server: Unknown
access-control-allow-origin: *
etag: "c62d2c9ae4c056ea8b1ed4c3c36db5a8"
content-type: image/jpeg
status: 200
content-length: 57823
expires: Thu, 13 Feb 2020 00:05:31 GMT

GET
H2 200 fig24-sodinokibi
s7d2.scene7.com/is/image/cylance/ 345 KB
346 KB 570ms
568ms Image
image/jpeg 2a02:26f0:10c:387::9b6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s7d2.scene7.com/is/image/cylance/fig24-sodinokibi?&wid=1090&fit=constrain,1
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:387::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Unknown /
Resource Hash: 3f6a6acd91f9753a79f660d84d20e0417cf70ae34132eca9178a70fcca591fc2

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 12 Feb 2020 15:16:36 GMT
last-modified: Wed, 03 Jul 2019 19:59:12 GMT
server: Unknown
access-control-allow-origin: *
etag: "e7e9de180a2bdd7c0b427d76ade86850"
content-type: image/jpeg
status: 200
content-length: 353347
expires: Thu, 13 Feb 2020 00:05:31 GMT

GET
H/1.1 200
OK author_thumbnail_default.jpg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/placeholder/ 2 KB
3 KB 193ms
191ms Image
image/jpeg 34.208.39.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/placeholder/author_thumbnail_default.jpg

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.208.39.20 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-208-39-20.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

2d9245daf2dcc8739b68091fc3afea1e48c3add85f07d57e551a2ab7a714853e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Wed, 12 Feb 2020 15:16:36 GMT
Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:09:24 GMT
Server: Apache
ETag: "8d7-591e57ff73900"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Accept-Ranges: bytes
Content-Length: 2263
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Cylance_BB_Logo_RGB_Horz_Black.png
threatvector.cylance.com/content/dam/cylance-blog/en_us/logos/ 19 KB
19 KB 187ms
185ms Image
image/png 34.208.39.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/content/dam/cylance-blog/en_us/logos/Cylance_BB_Logo_RGB_Horz_Black.png

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.208.39.20 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-208-39-20.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

eb2deec7e5394e29e51ff83e920f1ce3c092ae5c63b711a4b755b9861a8bc6cd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:10 GMT
Server: Apache
ETag: "4aaf-591e577fa8b80"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
X-XSS-Protection: 1; mode=block
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Accept-Ranges: bytes
Content-Length: 19119
Date: Wed, 12 Feb 2020 15:16:36 GMT

GET
H/1.1 200
OK dependencies.a089e038f1a299472aab3599efb8d481.js Show response
threatvector.cylance.com/etc/clientlibs/cylance-blogs/ 668 KB
158 KB 226ms
225ms Script
application/javascript 34.208.39.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/dependencies.a089e038f1a299472aab3599efb8d481.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.208.39.20 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-208-39-20.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

adc2c8e679ffd8f0cbc9270749db4f687b9201280b2913c2817f230584ea4e1d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "a70c1-591e577eb4940-gzip"
transfer-encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:09 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 12 Feb 2020 15:16:36 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK main.97c9aac6ee7df8531607278a78c5c231.js Show response
threatvector.cylance.com/etc/clientlibs/cylance-blogs/ 236 KB
63 KB 209ms
209ms Script
application/javascript 34.208.39.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.97c9aac6ee7df8531607278a78c5c231.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.208.39.20 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-208-39-20.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

1017b2b6551aca43896313770d3c3041d58cee227ce35861c60ef0a10dc38c64

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "3b09d-591e577fa8b80-gzip"
transfer-encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:10 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 12 Feb 2020 15:16:36 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H2 200 featherlight.min.js Show response
cdn.rawgit.com/noelboss/featherlight/1.7.9/release/ 9 KB
4 KB 15ms
12ms Script
application/javascript 151.139.237.11
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.rawgit.com/noelboss/featherlight/1.7.9/release/featherlight.min.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.139.237.11 Dallas, United States, ASN33438 (HIGHWINDS2, US),

Reverse DNS

Software

NetDNA-cache/2.2 /

Resource Hash

0e41a843709f19f5327078ad0e4fca7ff8485d280f2458c15b555957a0e646cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 12 Feb 2020 15:16:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: NetDNA-cache/2.2
access-control-allow-origin: *
etag: W/"2f5a26ba5509a7f0235bf1f53ed375289bfc91bd"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript;charset=utf-8
status: 200
cache-control: max-age=315569000, immutable
strict-transport-security: max-age=31536000; preload
x-robots-tag: none
rawgit-cache-status: HIT

GET
H/1.1 200
OK token.json Show response
threatvector.cylance.com/libs/granite/csrf/ 2 B
787 B 189ms
189ms XHR
application/json 34.208.39.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/libs/granite/csrf/token.json

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.208.39.20 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-208-39-20.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: empty

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Referrer-Policy: no-referrer-when-downgrade
Server: Apache
Date: Wed, 12 Feb 2020 15:16:36 GMT
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Connection: keep-alive
Content-Type: application/json;charset=iso-8859-1
Cache-Control: no-cache
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Vary: User-Agent
Content-Length: 2
X-XSS-Protection: 1; mode=block
Expires: -1

GET
H2 200 NaPecZTIAOhVxoMyOr9n_E7fdMPmDaZRbrw.woff2
fonts.gstatic.com/s/titilliumweb/v8/ 12 KB
12 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:815::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/titilliumweb/v8/NaPecZTIAOhVxoMyOr9n_E7fdMPmDaZRbrw.woff2

Requested by

Host: app-sj16.marketo.com
URL: https://app-sj16.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dd1dad45fd0dd168ad46427307aa8a206b857b783ca3afbcfe2bc8b8724acec0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/css?family=Titillium+Web:200,300,400,600
Origin: https://threatvector.cylance.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 01 Feb 2020 03:34:57 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2019 19:24:34 GMT
server: sffe
age: 992499
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 12344
x-xss-protection: 0
expires: Sun, 31 Jan 2021 03:34:57 GMT

GET
H2 200 NaPDcZTIAOhVxoMyOr9n_E7ffGjEGItzY5abuWI.woff2
fonts.gstatic.com/s/titilliumweb/v8/ 12 KB
12 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:815::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/titilliumweb/v8/NaPDcZTIAOhVxoMyOr9n_E7ffGjEGItzY5abuWI.woff2

Requested by

Host: app-sj16.marketo.com
URL: https://app-sj16.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0e23b84d6736b1645a695282788cee2070cd3f5cd2c5c2e31ea0b44a942294c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/css?family=Titillium+Web:200,300,400,600
Origin: https://threatvector.cylance.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 04 Feb 2020 02:23:23 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2019 19:18:52 GMT
server: sffe
age: 737593
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 12524
x-xss-protection: 0
expires: Wed, 03 Feb 2021 02:23:23 GMT

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 366 B
1 KB 126ms
34ms XHR
application/json 52.50.184.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=4.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=2297E09A576BB9677F000101%40AdobeOrg&d_nsid=0&ts=1581520596357

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.50.184.22 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-50-184-22.eu-west-1.compute.amazonaws.com

Software

Resource Hash

79b0cb52be73304f5c5c3f9c52f5e6c69ecd59ffefc20318911b8a8e9460e16c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Origin: https://threatvector.cylance.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-v059-023c8e9f3.edge-irl1.demdex.com 5.65.0.20200204084552 4ms (+1ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-TID: AdA5neerQCc=
Vary: Origin, Accept-Encoding, User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://threatvector.cylance.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 301
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EP4c3fcccffd524251ae198bf677f3b6e9/ 34 KB
13 KB 22ms
21ms Script
application/x-javascript 23.210.248.45
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP4c3fcccffd524251ae198bf677f3b6e9/AppMeasurement.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.248.45 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-45.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7848472b4e994bcd2cb522201f6c123b50c4b37e5aab979ac50db3244eb894d5

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 12 Feb 2020 15:16:36 GMT
content-encoding: gzip
last-modified: Mon, 15 Apr 2019 20:43:53 GMT
server: Apache
etag: "f005ac758d3bc63fa30fe4a4bd80448d:1555361033"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 12786
expires: Wed, 12 Feb 2020 16:16:36 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 44 KB
18 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 06 Feb 2020 00:21:02 GMT
server: Golfe2
age: 2584
date: Wed, 12 Feb 2020 14:33:32 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 18174
expires: Wed, 12 Feb 2020 16:33:32 GMT

GET
H/1.1 200
OK mainLogo_rgb_h_white.png
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/branding/ 10 KB
11 KB 191ms
191ms Image
image/png 34.208.39.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/branding/mainLogo_rgb_h_white.png

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.208.39.20 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-208-39-20.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

09bc1009eb3d9cbc800e4933a407c81b1920be72f28254baff513ee8f422f5b0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.d6fc6f0b35c968dde40b02af38f21447.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Wed, 12 Feb 2020 15:16:36 GMT
Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:10 GMT
Server: Apache
ETag: "2808-591e577fa8b80"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Accept-Ranges: bytes
Content-Length: 10248
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK main_search_close.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 938 B
1 KB 176ms
176ms Image
image/svg+xml 34.208.39.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/main_search_close.svg

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.208.39.20 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-208-39-20.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

9913bba300e77cd7898ce5a11558bf789fd15cb686107a10a648109117816be1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.d6fc6f0b35c968dde40b02af38f21447.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "3aa-591e577fa8b80-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 491
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:10 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 12 Feb 2020 15:16:36 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: image/svg+xml
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK main_search_icon.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 1 KB
1 KB 267ms
186ms Image
image/svg+xml 34.208.39.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/main_search_icon.svg

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.208.39.20 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-208-39-20.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

26ae4b0eb488fa35fca8b199e05b5b5236192cf04a2fa5a91ba6c5c4d5ffc06d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.d6fc6f0b35c968dde40b02af38f21447.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "594-591e577fa8b80-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 693
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:10 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 12 Feb 2020 15:16:36 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: image/svg+xml
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H2 200 070319-sodinokibi-lrg
s7d2.scene7.com/is/image/cylance/ 74 KB
75 KB 79ms
79ms Image
image/jpeg 2a02:26f0:10c:387::9b6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s7d2.scene7.com/is/image/cylance/070319-sodinokibi-lrg?&wid=1280&fit=constrain,1
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:387::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Unknown /
Resource Hash: f641976030ca6cfe00221906bb08f0536067a28075027a3186adb9a5af536558

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 12 Feb 2020 15:16:36 GMT
last-modified: Wed, 03 Jul 2019 17:06:54 GMT
server: Unknown
access-control-allow-origin: *
etag: "c16d252139c6c620f229b2b17f340a2b"
content-type: image/jpeg
status: 200
content-length: 76240
expires: Thu, 13 Feb 2020 00:05:31 GMT

GET
H2 200 NaPDcZTIAOhVxoMyOr9n_E7ffAzHGItzY5abuWI.woff2
fonts.gstatic.com/s/titilliumweb/v8/ 12 KB
12 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:815::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/titilliumweb/v8/NaPDcZTIAOhVxoMyOr9n_E7ffAzHGItzY5abuWI.woff2

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f17a340f0388383e8d2a70632006d51e5d0e95f60f1cca3f774bd78b5d3dcd07

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/css?family=Titillium+Web:200,300,400,600
Origin: https://threatvector.cylance.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 04 Feb 2020 23:50:36 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2019 19:25:18 GMT
server: sffe
age: 660360
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 12260
x-xss-protection: 0
expires: Wed, 03 Feb 2021 23:50:36 GMT

GET
H2 200 NaPDcZTIAOhVxoMyOr9n_E7ffBzCGItzY5abuWI.woff2
fonts.gstatic.com/s/titilliumweb/v8/ 12 KB
12 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:815::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/titilliumweb/v8/NaPDcZTIAOhVxoMyOr9n_E7ffBzCGItzY5abuWI.woff2

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8658dcad983dacbb3bca7bc8217fd0b75f28df85bf9259bd0dccf69e58cb0ecd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/css?family=Titillium+Web:200,300,400,600
Origin: https://threatvector.cylance.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 31 Jan 2020 23:43:55 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2019 19:25:27 GMT
server: sffe
age: 1006361
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 12276
x-xss-protection: 0
expires: Sat, 30 Jan 2021 23:43:55 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 25ms
25ms Script
application/x-javascript 95.101.176.176
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.101.176.176 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-101-176-176.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 37d3a4e166c1ac159b88faf4c86c36f67289628a8d65fb57546126396508bbf7

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Wed, 12 Feb 2020 15:16:36 GMT
Content-Encoding: gzip
Last-Modified: Fri, 07 Feb 2020 02:37:09 GMT
Server: Apache
ETag: "8cf9a98cedf9b6907e48743aa92f726a:1581043029"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 760

GET
H2 200 getForm Show response
app-sj16.marketo.com/index.php/form/ 6 KB
2 KB 758ms
758ms Script
application/javascript 104.16.95.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-sj16.marketo.com/index.php/form/getForm?munchkinId=524-DOM-989&form=3163&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&callback=jQuery112408115953409935668_1581520596322&_=1581520596323

Requested by

Host: app-sj16.marketo.com
URL: https://app-sj16.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.95.80 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dd06559f1c062e3293ce58a757bf53e462c7411925adff0745717e678c18b2e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 12 Feb 2020 15:16:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
strict-transport-security: max-age=63113904
accept-ranges: bytes
cf-ray: 563f864f99d9c83f-AMS
cached: false

GET
H2 200 021120-icedid-banking-trojan-4-lrg
s7d2.scene7.com/is/image/cylance/ 8 KB
9 KB 51ms
50ms Image
image/jpeg 2a02:26f0:10c:387::9b6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s7d2.scene7.com/is/image/cylance/021120-icedid-banking-trojan-4-lrg?&wid=319&fit=constrain,1
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:387::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Unknown /
Resource Hash: b03ad4b6a0291767c8c1d583c35abd8f780daad1d82abbc1b31c7fbcb0f0fb8d

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 12 Feb 2020 15:16:36 GMT
last-modified: Tue, 11 Feb 2020 00:04:51 GMT
server: Unknown
access-control-allow-origin: *
etag: "527e84d8eaae2d1bccdc366a233fa8ea"
content-type: image/jpeg
status: 200
content-length: 8633
expires: Wed, 12 Feb 2020 18:22:02 GMT

GET
H2 200 000-InSecurity-Podcast-LRG
s7d2.scene7.com/is/image/cylance/ 4 KB
4 KB 35ms
34ms Image
image/jpeg 2a02:26f0:10c:387::9b6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s7d2.scene7.com/is/image/cylance/000-InSecurity-Podcast-LRG?&wid=319&fit=constrain,1
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:387::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Unknown /
Resource Hash: 62d710d9bda1dbd522c180805ec2a66d82c84ec1093813ebf39d22f04b30d871

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 12 Feb 2020 15:16:36 GMT
last-modified: Thu, 11 Apr 2019 19:54:05 GMT
server: Unknown
access-control-allow-origin: *
etag: "dd3973310906a18966ce86729e8f6c75"
content-type: image/jpeg
status: 200
content-length: 4371
expires: Thu, 13 Feb 2020 00:51:07 GMT

GET
H2 200 011020-jouve-cylance-f-lrg
s7d2.scene7.com/is/image/cylance/ 5 KB
5 KB 67ms
66ms Image
image/jpeg 2a02:26f0:10c:387::9b6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s7d2.scene7.com/is/image/cylance/011020-jouve-cylance-f-lrg?&wid=319&fit=constrain,1
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:387::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Unknown /
Resource Hash: 03ecfe2cfe61788bd16b6ee3c7becef395744ebdf1f94643800b20b091772308

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 12 Feb 2020 15:16:36 GMT
last-modified: Sun, 05 Jan 2020 05:38:15 GMT
server: Unknown
access-control-allow-origin: *
etag: "bf6fe58e40816dc0ee17297d02237451"
content-type: image/jpeg
status: 200
content-length: 5212
expires: Wed, 12 Feb 2020 17:47:22 GMT

GET
H2 200 020620-women-unite-lrg
s7d2.scene7.com/is/image/cylance/ 7 KB
7 KB 68ms
68ms Image
image/jpeg 2a02:26f0:10c:387::9b6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s7d2.scene7.com/is/image/cylance/020620-women-unite-lrg?&wid=319&fit=constrain,1
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:387::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Unknown /
Resource Hash: 9f089cd192baa80c12548b7332f45abfe5e40785eeaad1392b8afa587246af80

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 12 Feb 2020 15:16:36 GMT
last-modified: Sat, 01 Feb 2020 02:13:49 GMT
server: Unknown
access-control-allow-origin: *
etag: "79624b1c54416c913b762f9acc7e8e9f"
content-type: image/jpeg
status: 200
content-length: 7157
expires: Thu, 13 Feb 2020 00:19:47 GMT

GET
H2 200 iframe_api Show response
www.youtube.com/ 859 B
931 B 21ms
21ms Script
application/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

797d0764fad2aee0b1e16fbf116c50049da14b2a2dd1c3d73b3fd5d329f74145

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 12 Feb 2020 15:16:36 GMT
x-content-type-options: nosniff
server: YouTube Frontend Proxy
content-type: application/javascript
status: 200
cache-control: no-cache
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 859
x-xss-protection: 0
expires: Tue, 27 Apr 1971 19:44:06 GMT

GET
H/1.1 200
OK footer_social_icons_facebook.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 2 KB
2 KB 185ms
184ms Image
image/svg+xml 34.208.39.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/footer_social_icons_facebook.svg

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.208.39.20 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-208-39-20.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

937fdd2761db8d890407be8c18e64a7f3c19ded89b4d67f5606e30a560bd63c5

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.d6fc6f0b35c968dde40b02af38f21447.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "6d1-591e576f72540-gzip"
Connection: keep-alive
Content-Length: 775
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:06:53 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 12 Feb 2020 15:16:36 GMT
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: image/svg+xml
Cache-control: no-cache="set-cookie"
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK footer_social_icons_youtube.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 6 KB
3 KB 183ms
183ms Image
image/svg+xml 34.208.39.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/footer_social_icons_youtube.svg

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.208.39.20 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-208-39-20.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

b194fd385666036162259f55563a017e78753671e0fbd3be31a272dc2b869876

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.d6fc6f0b35c968dde40b02af38f21447.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "16d2-591e577fa8b80-gzip"
Connection: keep-alive
Content-Length: 2247
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:10 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 12 Feb 2020 15:16:36 GMT
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: image/svg+xml
Cache-control: no-cache="set-cookie"
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK footer_social_icons_twitter.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 2 KB
2 KB 192ms
192ms Image
image/svg+xml 34.208.39.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/footer_social_icons_twitter.svg

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.208.39.20 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-208-39-20.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

af6f1a1d1ca5b44168e2d69e4e92daf576df150cc615c9e62adc6eb909a73114

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.d6fc6f0b35c968dde40b02af38f21447.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "7d3-591e576f72540-gzip"
Connection: keep-alive
Content-Length: 1002
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:06:53 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 12 Feb 2020 15:16:36 GMT
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: image/svg+xml
Cache-control: no-cache="set-cookie"
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK footer_social_icons_linkedin.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 2 KB
2 KB 176ms
176ms Image
image/svg+xml 34.208.39.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/footer_social_icons_linkedin.svg

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.208.39.20 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-208-39-20.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

099bace63963205abb1875d577e797bdac573989ab27a75960eafe3ccd5fa27a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.d6fc6f0b35c968dde40b02af38f21447.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "714-591e577fa8b80-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 803
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:10 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 12 Feb 2020 15:16:36 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: image/svg+xml
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK footer_social_icons_rss.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 2 KB
2 KB 193ms
192ms Image
image/svg+xml 34.208.39.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/footer_social_icons_rss.svg

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.208.39.20 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-208-39-20.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

8235e55fa7f1c889f552c3d7415b6bfff016a82035dc5c77da7a1789a3de95e3

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.d6fc6f0b35c968dde40b02af38f21447.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "719-591e576f72540-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 827
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:06:53 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 12 Feb 2020 15:16:36 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: image/svg+xml
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/156/ 9 KB
5 KB 26ms
25ms Script
application/x-javascript 95.101.176.176
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/156/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.101.176.176 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-101-176-176.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e6cf48bc1bfd904673cda470939d69e4c555779587d2361e65d03869b26eeebf

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Wed, 12 Feb 2020 15:16:36 GMT
Content-Encoding: gzip
Last-Modified: Tue, 17 Sep 2019 20:22:41 GMT
Server: Apache
ETag: "24e78e4d5137c385c6e3393d80cfd6bf:1568751761"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 4198
Expires: Fri, 22 May 2020 15:16:36 GMT

GET
H2 200 www-widgetapi.js Show response
s.ytimg.com/yts/jsbin/www-widgetapi-vflJZLJqh/ 27 KB
10 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:821::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s.ytimg.com/yts/jsbin/www-widgetapi-vflJZLJqh/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

556587f74b398c7b89d23b15fd8e7c004b15a5985d4dbf8c93707b58d98d1023

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 12 Feb 2020 12:16:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10799
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 10242
x-xss-protection: 0
last-modified: Tue, 11 Feb 2020 12:50:31 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=691200
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
expires: Thu, 20 Feb 2020 12:16:37 GMT

GET
H2 200 RC03553916c50b4787a671e14ccf605715-source.min.js Show response
assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/ 695 B
645 B 26ms
26ms Script
application/x-javascript 23.210.248.45
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/RC03553916c50b4787a671e14ccf605715-source.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.248.45 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-45.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 1a7103ddeebf3a313febafe1aba08a1cec143c98a7b6e51cacbf8893093efaa2

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 12 Feb 2020 15:16:36 GMT
content-encoding: gzip
last-modified: Thu, 13 Jun 2019 21:17:24 GMT
server: Apache
etag: "d9f372492adb73ae3b7bff0cf0a90587:1560460644"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 412
expires: Wed, 12 Feb 2020 16:16:36 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 23 KB
7 KB 28ms
28ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 89b531e78902333807b825faf77cd11cc927fe364ea2ba9307f65365f7e811f7

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 12 Feb 2020 15:16:35 GMT
content-encoding: gzip
last-modified: Fri, 31 Jan 2020 21:01:31 GMT
x-msedge-ref: Ref A: DFA94A29E74A4FC28A7A0D8120AB0421 Ref B: FRAEDGE0209 Ref C: 2020-02-12T15:16:36Z
access-control-allow-origin: *
etag: "8087c39c79d8d51:0"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 7295

GET
H2 200 RCcd4cfcbe6a2644318ee9f8727d5e7eb8-source.min.js Show response
assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/ 1 KB
775 B 27ms
26ms Script
application/x-javascript 23.210.248.45
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/RCcd4cfcbe6a2644318ee9f8727d5e7eb8-source.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.248.45 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-45.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 93a431303f6163e1a1b17d0fe9ac4edb2b042333aec637187fa92f9ed1050ae8

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 12 Feb 2020 15:16:36 GMT
content-encoding: gzip
last-modified: Thu, 13 Jun 2019 21:17:24 GMT
server: Apache
etag: "eababff33cad8c9e414fb875be462778:1560460644"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 541
expires: Wed, 12 Feb 2020 16:16:36 GMT

GET
H2 200 RCf28b419b6ee84d7a88134d7176e20bb3-source.min.js Show response
assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/ 1 KB
899 B 27ms
27ms Script
application/x-javascript 23.210.248.45
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/RCf28b419b6ee84d7a88134d7176e20bb3-source.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.248.45 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-45.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: fe884e48d8d2602152678463aa5ac92bb7bd73b357851406aebcc046ab1d8b9f

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 12 Feb 2020 15:16:36 GMT
content-encoding: gzip
last-modified: Thu, 13 Jun 2019 21:17:24 GMT
server: Apache
etag: "6d94ea62691631fbad7ebecdcc6e04c3:1560460644"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 666
expires: Wed, 12 Feb 2020 16:16:36 GMT

GET
H2 200 RCe330e30c9b774f238563c2f0317b145b-source.min.js Show response
assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/ 654 B
624 B 27ms
27ms Script
application/x-javascript 23.210.248.45
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/RCe330e30c9b774f238563c2f0317b145b-source.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.248.45 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-45.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: f419df72131b2e7ec36c56950099c5c8f88e3e8ba7de2438b0484d0786e56200

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 12 Feb 2020 15:16:36 GMT
content-encoding: gzip
last-modified: Thu, 13 Jun 2019 21:17:24 GMT
server: Apache
etag: "cba2baa21d2761515a7b772732db4812:1560460644"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 391
expires: Wed, 12 Feb 2020 16:16:36 GMT

GET
H2 200 bizible.js Show response
cdn.bizible.com/scripts/ 86 KB
33 KB 54ms
13ms Script
application/x-javascript 93.184.220.178
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/scripts/bizible.js?account=cylance.com
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 93.184.220.178 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6BA7) / ASP.NET
Resource Hash: 51c2e8a79306c78c796b89cbb5c1be4b258089b09cde3664d29d6b2bbf6943ab

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 12 Feb 2020 15:16:36 GMT
content-encoding: gzip
last-modified: Thu, 06 Feb 2020 23:18:09 GMT
server: ECS (amb/6BA7)
age: 483374
x-powered-by: ASP.NET
etag: "e09d6b243ddd51:0"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
status: 200
accept-ranges: bytes
content-length: 33401

GET
H/1.1 200
OK share_bar_icon_linkedin.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 2 KB
2 KB 183ms
176ms Image
image/svg+xml 34.208.39.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/share_bar_icon_linkedin.svg

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.208.39.20 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-208-39-20.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

c6e538e6a9213d8d6cb6a1f3b7c03e5a06d68ff25ec57e6eb5b4868289464de0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "809-591e578c0e8c0-gzip"
Connection: keep-alive
Content-Length: 876
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:23 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 12 Feb 2020 15:16:36 GMT
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: image/svg+xml
Cache-control: no-cache="set-cookie"
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK share_bar_icon_twitter.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 2 KB
2 KB 319ms
186ms Image
image/svg+xml 34.208.39.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/share_bar_icon_twitter.svg

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.208.39.20 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-208-39-20.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

7b86ac9779af83777789a7fc81940793f77b5bd3ff3d36ac8e925fccf656247a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "8c8-591e578c0e8c0-gzip"
Connection: keep-alive
Content-Length: 1062
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:23 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 12 Feb 2020 15:16:36 GMT
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: image/svg+xml
Cache-control: no-cache="set-cookie"
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK share_bar_icon_google.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 2 KB
2 KB 357ms
182ms Image
image/svg+xml 34.208.39.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/share_bar_icon_google.svg

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.208.39.20 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-208-39-20.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

66de82969f617c85184ad351d55501233e538e7f54caa684368c8a155053874d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "829-591e578c0e8c0-gzip"
Connection: keep-alive
Content-Length: 867
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:23 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 12 Feb 2020 15:16:36 GMT
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: image/svg+xml
Cache-control: no-cache="set-cookie"
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK share_bar_icon_facebook.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 2 KB
2 KB 335ms
184ms Image
image/svg+xml 34.208.39.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/share_bar_icon_facebook.svg

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.208.39.20 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-208-39-20.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

fe08d074a32f7c481cc425d22cdd787137feea90578e0b10556cebeefcfa3040

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "771-591e576f72540-gzip"
Connection: keep-alive
Content-Length: 796
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:06:53 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 12 Feb 2020 15:16:36 GMT
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: image/svg+xml
Cache-control: no-cache="set-cookie"
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK share_bar_icon_email.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 1 KB
2 KB 211ms
189ms Image
image/svg+xml 34.208.39.20
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/share_bar_icon_email.svg

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.208.39.20 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-208-39-20.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

87f55f0eb8ca3828f1f3c43da32e71933463b639ff59c86fab549600912ac687

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "49c-591e576f72540-gzip"
Connection: keep-alive
Content-Length: 682
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:06:53 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 12 Feb 2020 15:16:36 GMT
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: image/svg+xml
Cache-control: no-cache="set-cookie"
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK Cookie set dest5.html
cylance.demdex.net/ Frame C927 0
0 142ms
29ms Document
text/html 54.154.151.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cylance.demdex.net/dest5.html?d_nsid=0

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.154.151.160 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-154-151-160.eu-west-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Host: cylance.demdex.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: demdex=08489483512835779871200170568978858490
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Response headers

Accept-Ranges: bytes
Cache-Control: max-age=21600
Content-Encoding: gzip
Content-Type: text/html
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified: Tue, 04 Feb 2020 13:27:16 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Set-Cookie: demdex=08489483512835779871200170568978858490;Path=/;Domain=.demdex.net;Expires=Mon, 10-Aug-2020 15:16:36 GMT;Max-Age=15552000;Secure;SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding, User-Agent
X-TID: cuE4fcYwTxU=
Content-Length: 2785
Connection: keep-alive

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=XkQW1AAAAcoPVRTJ
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=08489483512835779871200170568978858490
https://dpm.demdex.net/ibs:dpid=411&dpuuid=XkQW1AAAAcoPVRTJ

42 B
915 B

32ms
32ms

Image
image/gif

52.50.184.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=XkQW1AAAAcoPVRTJ

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.50.184.22 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-50-184-22.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

DCS: dcs-prod-irl1-v059-048d9f4bb.edge-irl1.demdex.com 5.65.0.20200204084552 1ms (+0ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: 9XqD3UkjRTY=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date: Wed, 12 Feb 2020 15:16:35 GMT
Server: AMO-cookiemap/1.1
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=XkQW1AAAAcoPVRTJ
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=15,max=100
Content-Length: 0

GET
H/1.1 200
OK visitWebPage Show response
524-dom-989.mktoresp.com/webevents/ 2 B
303 B 733ms
162ms XHR
text/plain 192.28.147.68
MARKETO

General

Check archive.org

Show headers Download Go to

Full URL: https://524-dom-989.mktoresp.com/webevents/visitWebPage?_mchNc=1581520596543&_mchCn=&_mchId=524-DOM-989&_mchTk=_mch-cylance.com-1581520596542-35228&_mchHo=threatvector.cylance.com&_mchPo=&_mchRu=%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&_mchPc=https%3A&_mchVr=156&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 192.28.147.68 , United States, ASN53580 (MARKETO, US),
Reverse DNS
Software: akka-http/10.1.7 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Origin: https://threatvector.cylance.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 12 Feb 2020 15:16:37 GMT
Content-Encoding: gzip
Server: akka-http/10.1.7
Transfer-Encoding: chunked
X-Request-Id: b8b429f8-51e6-451d-8725-14c0a86f3e5f
Content-Type: text/plain; charset=UTF-8

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 3 KB
2 KB 10ms
10ms Script
application/x-javascript 2a02:26f0:10c:39e::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:39e::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: 41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Wed, 12 Feb 2020 15:16:36 GMT
Content-Encoding: gzip
Last-Modified: Mon, 07 Oct 2019 16:41:31 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=24818
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1576

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 26 KB
10 KB 29ms
29ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

cafe /

Resource Hash

ec7024e764e94caa58c7a18f4624dc84c9ee15537ff5418fd44e2f037f8abc30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 12 Feb 2020 15:16:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 9931
x-xss-protection: 0
server: cafe
etag: 8273558640064030436
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 12 Feb 2020 15:16:36 GMT

GET
H2 200 6e7b478b.min.js Show response
tag.demandbase.com/ 56 KB
15 KB 66ms
29ms Script
application/javascript 143.204.94.127
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.demandbase.com/6e7b478b.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.94.127 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-94-127.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d6165ece0cfe07d628d883f8315f46e22e692f4c01500f5ed0f0e90d94bd260f

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

x-amz-version-id: .CWw1iWwxZgm7PYJJTRGy8svsjlItLXM
content-encoding: gzip
last-modified: Thu, 16 Jan 2020 17:47:39 GMT
server: AmazonS3
age: 2307
date: Wed, 12 Feb 2020 14:38:10 GMT
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
status: 200
cache-control: public, max-age=3600
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: E508JBkVpD5wIUriKNVOW4jVio17vwxz2kMtci6XT9Gdg4qyqVCHaA==
via: 1.1 009e5e3e32afcd1d135a7234c9da5521.cloudfront.net (CloudFront)

GET
H2 204 0
bat.bing.com/action/ 0
93 B 28ms
28ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=5637515&tm=al001&Ver=2&mid=702ca6e6-6d1c-d00c-2865-ccd098ba7451&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Threat%20Spotlight%3A%20Sodinokibi%20Ransomware&kw=Threat%20Spotlight,%20BlackBerry,%20Cylance,%20Sodinokibi,%20Ransomware&p=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&r=&lt=2260&pt=1581520594260,,,,,0,1,47,47,626,58,626,1001,1004,1004,2245,2245,2260,,,&pn=0,0&evt=pageLoad&msclkid=N&rn=814814
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

status: 204
pragma: no-cache
date: Wed, 12 Feb 2020 15:16:35 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 00BBD9775E28423B9F142E468A60C46D Ref B: FRAEDGE0209 Ref C: 2020-02-12T15:16:36Z
access-control-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=37262&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&time=1581520596560
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D37262%26url%3Dhttps%253A%252F%252Fthreatvector.cylance.com%252Fen_us%252Fhome%252...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=37262&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&time=1581520596560&liSync=true

0
80 B

169ms
169ms

Image
application/javascript

2a05:f500:11:101::b93f:9005
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=37262&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&time=1581520596560&liSync=true
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:11:101::b93f:9005 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 12 Feb 2020 15:16:37 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lor1
status: 200
x-li-proto: http/2
x-li-pop: prod-tln1
content-type: application/javascript
content-length: 0
x-li-uuid: 0MKAiJqw8hWwL/DPMisAAA==

Redirect headers

date: Wed, 12 Feb 2020 15:16:36 GMT
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
linkedin-action: 1
status: 302
strict-transport-security: max-age=2592000
content-length: 0
x-xss-protection: 1; mode=block
server: Play
pragma: no-cache
x-li-pop: prod-efr5
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-frame-options: sameorigin
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-uuid: EYYgfZqw8hUwq/hGFisAAA==
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=37262&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&time=1581520596560&liSync=true
cache-control: no-cache, no-store
content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-li-proto: http/2
x-li-fabric: prod-lor1
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 ipv
cdn.bizible.com/m/ 43 B
347 B 13ms
13ms Image
image/gif 93.184.220.178
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizible.com/m/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=225aefbd83a74699c50e8f110beeaf64&_biz_s=775ad5&_biz_l=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&_biz_t=1581520596584&_biz_i=Threat%20Spotlight%3A%20Sodinokibi%20Ransomware&_biz_n=0&a=cylance.com&rnd=594919&cdn_o=a&_biz_z=1581520596585
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 93.184.220.178 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6B75) / ASP.NET
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 12 Feb 2020 15:16:36 GMT
x-aspnet-version: 4.0.30319
age: 481520
x-powered-by: ASP.NET
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status: 200
content-length: 43
pragma: no-cache
x-aspnetmvc-version: 5.2
last-modified: Fri, 07 Feb 2020 01:31:16 GMT
server: ECS (amb/6B75)
content-type: Image/GIF
cache-control: no-cache, no-store
accept-ranges: bytes
expires: -1

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/858415995/ 2 KB
1 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/858415995/?random=1581520596591&cv=9&fst=1581520596591&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&tiba=Threat%20Spotlight%3A%20Sodinokibi%20Ransomware&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d14f3cdbdb9539b73d2dcf1562b9609fa42eaa483e088f4109ecd5accdea1f36

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: no-cache
date: Wed, 12 Feb 2020 15:16:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1028
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 BizibleAcct.js Show response
cdn.bizible.com/ 378 B
522 B 120ms
120ms Script
text/javascript 93.184.220.178
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/BizibleAcct.js?_biz_u=225aefbd83a74699c50e8f110beeaf64&_biz_h=-1906410348&cdn_o=a&jsVer=4.20.02.06&a=cylance.com
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js?account=cylance.com
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 93.184.220.178 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: c3cd58449f660324b0e34882c7dd135323d6e69aa7b81451a8a97a2d79f317ee

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 12 Feb 2020 15:16:36 GMT
content-encoding: gzip
x-aspnetmvc-version: 5.2
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
etag: C1018F22
vary: Accept-Encoding
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status: 200
cache-control: private, must-revalidate, max-age=21600
content-type: text/javascript; charset=utf-8
content-length: 325

GET
H2 200 /
www.google.com/pagead/1p-user-list/858415995/ 42 B
110 B 20ms
19ms Image
image/gif 2a00:1450:4001:820::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/858415995/?random=1581520596591&cv=9&fst=1581519600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&tiba=Threat%20Spotlight%3A%20Sodinokibi%20Ransomware&async=1&fmt=3&is_vtc=1&random=376585015&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Wed, 12 Feb 2020 15:16:36 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/858415995/ 42 B
110 B 21ms
20ms Image
image/gif 2a00:1450:4001:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/858415995/?random=1581520596591&cv=9&fst=1581519600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&tiba=Threat%20Spotlight%3A%20Sodinokibi%20Ransomware&async=1&fmt=3&is_vtc=1&random=376585015&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Wed, 12 Feb 2020 15:16:36 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 RC45a65cb4bab44e65966fc1bfe9d6d8ed-source.min.js Show response
assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/ 460 B
487 B 27ms
27ms Script
application/x-javascript 23.210.248.45
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/RC45a65cb4bab44e65966fc1bfe9d6d8ed-source.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.248.45 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-45.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 44df095afbcc3700bb27f3c430bce008b8074188be803787ce11b9b850ed6675

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 12 Feb 2020 15:16:36 GMT
content-encoding: gzip
last-modified: Thu, 13 Jun 2019 21:17:25 GMT
server: Apache
etag: "eb0abeded1d23a64ed81155c95cbb867:1560460645"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 254
expires: Wed, 12 Feb 2020 16:16:36 GMT

GET
H2 200 RC795343619189407bb257bf77f37e4f32-source.min.js Show response
assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/ 458 B
484 B 27ms
27ms Script
application/x-javascript 23.210.248.45
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/RC795343619189407bb257bf77f37e4f32-source.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.248.45 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-45.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b10bfe284fcea12155ae8def55a8ec14b8a804e198e06d985e6e8a1681851c63

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 12 Feb 2020 15:16:36 GMT
content-encoding: gzip
last-modified: Thu, 13 Jun 2019 21:17:25 GMT
server: Apache
etag: "6c8d0a2b5eadfc79c1cea9bda4c63d3f:1560460645"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 252
expires: Wed, 12 Feb 2020 16:16:36 GMT

GET
H2 200 RCa7a45d271f51412293463f49427635d0-source.min.js Show response
assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/ 472 B
499 B 26ms
26ms Script
application/x-javascript 23.210.248.45
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/RCa7a45d271f51412293463f49427635d0-source.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.248.45 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-45.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: ae0d8091f974c66bea6d9f9aeba9feb785eb4e5a4e779060ec5f31b525f61f0f

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 12 Feb 2020 15:16:36 GMT
content-encoding: gzip
last-modified: Thu, 13 Jun 2019 21:17:25 GMT
server: Apache
etag: "1cd1f676e57143bd85e5f21bdd4785bb:1560460645"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 265
expires: Wed, 12 Feb 2020 16:16:36 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j81&a=1720731396&t=pageview&_s=1&dl=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&ul=en-us&de...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-33464378-1&cid=1945308204.1581520596&jid=199307055&_gid=386823888.1581520596&gjid=609300007&_v=j81&z=1878055687
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33464378-1&cid=1945308204.1581520596&jid=199307055&_v=j81&z=1878055687
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33464378-1&cid=1945308204.1581520596&jid=199307055&_v=j81&z=1878055687&slf_rd=1&random=1690793247

42 B
109 B

17ms
17ms

Image
image/gif

2a00:1450:4001:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33464378-1&cid=1945308204.1581520596&jid=199307055&_v=j81&z=1878055687&slf_rd=1&random=1690793247

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Feb 2020 15:16:36 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 12 Feb 2020 15:16:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33464378-1&cid=1945308204.1581520596&jid=199307055&_v=j81&z=1878055687&slf_rd=1&random=1690793247
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ip.json Show response
api.company-target.com/api/v2/ 454 B
958 B 128ms
76ms XHR
application/json 13.224.196.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&page_title=Threat%20Spotlight%3A%20Sodinokibi%20Ransomware&key=7535516323dadf7e3d35f603eaad6491&src=tag
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.196.104 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-196-104.fra2.r.cloudfront.net
Software: nginx /
Resource Hash: edc7f6279b5780f89b0aff9b2d13afbd545386f670a311e06e36d776ad102a7f

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Origin: https://threatvector.cylance.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 12 Feb 2020 15:16:36 GMT
identification-source: CENTRAL
vary: Accept-Encoding, Origin
x-amz-cf-pop: FRA2-C1
x-cache: Miss from cloudfront
status: 200
request-id: 4c9d63d0-01f5-4471-bcc8-7c795cc30a3a
content-encoding: gzip
pragma: no-cache
access-control-allow-origin: https://threatvector.cylance.com
server: nginx
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json;charset=utf-8
via: 1.1 2bbba694ff55d664208103e9c25dce14.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
api-version: v2
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 36Xw9nGzYAjc5AbFtfsO971jQjRoVaByyJ5kZ_DLFlqOS_hgQyG3JQ==
expires: Tue, 11 Feb 2020 15:16:36 GMT

GET
H/1.1

200
OK

validateCookie
segments.company-target.com/
Redirect Chain

https://match.prod.bidr.io/cookie-sync/demandbase
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1
https://segments.company-target.com/log?vendor=choca&user_id=AAJnMk68iC4AAF1MKbi3oQ
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAJnMk68iC4AAF1MKbi3oQ&verifyHash=f6677fd69a9cb564d6379b192ad065660c483cb0

26 B
408 B

107ms
107ms

Image
image/gif

13.224.196.24
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAJnMk68iC4AAF1MKbi3oQ&verifyHash=f6677fd69a9cb564d6379b192ad065660c483cb0
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.196.24 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-196-24.fra2.r.cloudfront.net
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 12 Feb 2020 15:16:36 GMT
Via: 1.1 0e7eb16f335fe24acf3f13c5dee19c88.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA2-C1
Vary: Origin
X-Cache: Miss from cloudfront
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
trace-id: fc495dfbfee0d119
X-Amz-Cf-Id: ZyQbFbN7Kd4t1jXs7CIqV6fwKbCkSHKpVBLrO_mFI5Q7-m38sInIkQ==

Redirect headers

Date: Wed, 12 Feb 2020 15:16:36 GMT
Via: 1.1 0e7eb16f335fe24acf3f13c5dee19c88.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA2-C1
Vary: Origin
X-Cache: Miss from cloudfront
Location: /validateCookie?vendor=choca&user_id=AAJnMk68iC4AAF1MKbi3oQ&verifyHash=f6677fd69a9cb564d6379b192ad065660c483cb0
Connection: keep-alive
trace-id: 7bd5e5b98c8431f6
Content-Length: 0
X-Amz-Cf-Id: KxdYDF73bfZENqHn_kewyyhTnvU2cWebh9I7ySwgehqTYh3j5_tE9Q==

GET
H2 200 RC65049b1ee2da4bed9ece12f15b7d466f-source.min.js Show response
assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/ 835 B
587 B 27ms
27ms Script
application/x-javascript 23.210.248.45
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/RC65049b1ee2da4bed9ece12f15b7d466f-source.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.248.45 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-45.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: c0aed91f1b10ec94f40fdf79c31d1f870fb4bf3eda63b61edb3bbaeff53a93e0

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 12 Feb 2020 15:16:36 GMT
content-encoding: gzip
last-modified: Thu, 13 Jun 2019 21:17:25 GMT
server: Apache
etag: "3802beb763414589551c998a499408b3:1560460645"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 353
expires: Wed, 12 Feb 2020 16:16:36 GMT

GET
H2 200 u
cdn.bizible.com/m/ 43 B
125 B 14ms
14ms Image
image/gif 93.184.220.178
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizible.com/m/u?mapType=mkto&mapValue=id%3A524-DOM-989%26token%3A_mch-cylance.com-1581520596542-35228&_biz_u=225aefbd83a74699c50e8f110beeaf64&_biz_s=775ad5&_biz_l=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&_biz_t=1581520596587&_biz_i=Threat%20Spotlight%3A%20Sodinokibi%20Ransomware&_biz_n=1&a=cylance.com&rnd=407168&cdn_o=a&_biz_z=1581520596688
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 93.184.220.178 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6BBE) / ASP.NET
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 12 Feb 2020 15:16:36 GMT
x-aspnet-version: 4.0.30319
age: 485659
x-powered-by: ASP.NET
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status: 200
content-length: 43
pragma: no-cache
x-aspnetmvc-version: 5.2
last-modified: Fri, 07 Feb 2020 00:22:17 GMT
server: ECS (amb/6BBE)
content-type: Image/GIF
cache-control: no-cache, no-store
accept-ranges: bytes
expires: -1

GET
H2 200 u
cdn.bizible.com/m/ 43 B
88 B 16ms
16ms Image
image/gif 93.184.220.178
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizible.com/m/u?mapType=ecid&mapValue=2297E09A576BB9677F000101%40AdobeOrg_08228223195302083431154203858829322542&_biz_u=225aefbd83a74699c50e8f110beeaf64&_biz_s=775ad5&_biz_l=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&_biz_t=1581520596588&_biz_i=Threat%20Spotlight%3A%20Sodinokibi%20Ransomware&_biz_n=2&a=cylance.com&rnd=343587&cdn_o=a&_biz_z=1581520596688
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 93.184.220.178 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6BBE) / ASP.NET
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 12 Feb 2020 15:16:36 GMT
x-aspnet-version: 4.0.30319
age: 485659
x-powered-by: ASP.NET
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status: 200
content-length: 43
pragma: no-cache
x-aspnetmvc-version: 5.2
last-modified: Fri, 07 Feb 2020 00:22:17 GMT
server: ECS (amb/6BBE)
content-type: Image/GIF
cache-control: no-cache, no-store
accept-ranges: bytes
expires: -1

GET
H2 200 s79863326059181
cylance.sc.omtrdc.net/b/ss/cylan-production/1/JS-2.12.0-L9TT/ 43 B
395 B 102ms
30ms Image
image/gif 15.188.105.205
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cylance.sc.omtrdc.net/b/ss/cylan-production/1/JS-2.12.0-L9TT/s79863326059181?AQB=1&ndh=1&pf=1&t=12%2F1%2F2020%2016%3A16%3A36%203%20-60&mid=08228223195302083431154203858829322542&aamlh=6&ce=UTF-8&pageName=home%3Athreat-spotlight-sodinokibi-ransomware&g=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&cc=USD&ch=home&server=threatvector.cylance.com&events=event17&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=D%3Dv1&v1=threatvector.cylance.com&h1=home%7Cthreat-spotlight-sodinokibi-ransomware&c2=2020-02-11%2022%3A13%3A45&v3=tuesday&c4=8%3A16%20AM%7CWednesday&v4=8%3A16%20AM%7CWednesday&v6=home%3Athreat-spotlight-sodinokibi-ransomware&v7=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&c8=D%3Dv8&v8=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F74.0.3729.169%20Safari%2F537.36&c9=D%3Dv9&v9=en_us&c10=D%3Dv10&c11=New&v11=First%20Visit&v12=New&c16=1&c17=19&v17=19&v35=The%20Cylance%20Threat%20Research%20Team&v36=research-and-intelligence&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=2297E09A576BB9677F000101%40AdobeOrg&AQE=1

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.188.105.205 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-188-105-205.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 12 Feb 2020 15:16:36 GMT
x-content-type-options: nosniff
x-c: master-1135.I1e15b2.M0-337
p3p: CP="This is not a P3P policy"
status: 200
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Thu, 13 Feb 2020 15:16:36 GMT
server: jag
xserver: anedge-5d944dff5f-v2fst
etag: 3396289618970509312-4616091810506535851
vary: *
content-type: image/gif;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Tue, 11 Feb 2020 15:16:36 GMT

GET
H2 200 forms2.css
app-sj16.marketo.com/js/forms2/css/ 13 KB
3 KB 30ms
30ms Stylesheet
text/css 104.16.95.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-sj16.marketo.com/js/forms2/css/forms2.css

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.95.80 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

397d07fbfb19b6ac538d7b8bcdf5ebf7be881c9f9ad3982278d9d4f3a02c160b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Wed, 12 Feb 2020 15:16:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 5396
status: 200
content-length: 2610
last-modified: Wed, 15 Jan 2020 18:37:37 GMT
server: cloudflare
etag: "2c02d8-33f8-59c3200aa1e40"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 563f86545d6ac83f-AMS
expires: Wed, 12 Feb 2020 19:16:37 GMT

GET
H2 200 forms2-theme-plain.css
app-sj16.marketo.com/js/forms2/css/ 828 B
679 B 24ms
24ms Stylesheet
text/css 104.16.95.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-sj16.marketo.com/js/forms2/css/forms2-theme-plain.css

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.95.80 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

57cd46adbabd6c40823602b4513aecbe89320a769572255272abe9f008de69fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Wed, 12 Feb 2020 15:16:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3348
status: 200
strict-transport-security: max-age=63113904
content-length: 246
last-modified: Wed, 15 Jan 2020 18:37:37 GMT
server: cloudflare
etag: "2c02f0-33c-59c3200aa1e40"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 563f86545d6cc83f-AMS
expires: Wed, 12 Feb 2020 19:16:37 GMT

GET
H2 200 RC6d15653dcdbd4cccb51d7164ce31913c-source.min.js Show response
assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/ 1 KB
900 B 23ms
22ms Script
application/x-javascript 23.210.248.45
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/RC6d15653dcdbd4cccb51d7164ce31913c-source.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.248.45 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-45.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 8f9713075b7edd29146b9f8472de0a9dea8c7f3dc2f41ff172f3e558536227c7

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 12 Feb 2020 15:16:37 GMT
content-encoding: gzip
last-modified: Thu, 13 Jun 2019 21:17:23 GMT
server: Apache
etag: "030fd508521493a75099bd78f60225e1:1560460644"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 667
expires: Wed, 12 Feb 2020 16:16:37 GMT

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 34 KB
11 KB 167ms
25ms Script
text/javascript 23.210.248.216
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-216.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 18193705ab98d0aa0d38c44621932f9599495d8e708fc41afb7ef892ab0895ae

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

x-amz-version-id: lfmGdNKg5RpvOV9rgmEkoYf4yRMYp92f
Content-Encoding: gzip
x-amz-request-id: CF2698AF4ECDBB0C
x-amz-server-side-encryption: AES256
Access-Control-Max-Age: 600
Date: Wed, 12 Feb 2020 15:16:37 GMT
Connection: keep-alive
Content-Length: 10738
x-amz-id-2: XOPKCCC75hTreRBEowGrlWbCCdZ7Sq9AOTK9wflo/A42EY34c+mx3gheNXC+rUzATlHFDVwJg1E=
Last-Modified: Thu, 06 Feb 2020 22:47:39 GMT
Server: AmazonS3
ETag: "bdad36c9dcb5278bdd961fb364516719"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2 200 XDFrame
app-sj16.marketo.com/index.php/form/ Frame 382D 0
0 170ms
169ms Document
text/html 104.16.95.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-sj16.marketo.com/index.php/form/XDFrame

Requested by

Host: app-sj16.marketo.com
URL: https://app-sj16.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.95.80 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: app-sj16.marketo.com
:scheme: https
:path: /index.php/form/XDFrame
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: BIGipServersj16web-nginx-app_https=!Li8kHrl3OTvWTkzInuzRy4alk/3R/mgGMVfFi4ZPkLF8is9qnCmz08EUBZUyK691TqneIr0Jk/woZ+o=; __cf_bm=b9c7767bfd7191f28264ae4e80bbe3451ccab2b3-1581520597-1800-ARBPd4udu5y2ohWl6L/gmIJrNKKR79k+AyIBbYjuHWvPUrMXmj4CDPZKepkRHUzpmjjnZBUlbdFrjBL5lNXfKa4=
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Response headers

status: 200
date: Wed, 12 Feb 2020 15:16:37 GMT
content-type: text/html; charset=utf-8
content-length: 3897
set-cookie: __cfduid=de9ae5f88021c3cc613f9694190a77ee91581520597; expires=Fri, 13-Mar-20 15:16:37 GMT; path=/; domain=.app-sj16.marketo.com; HttpOnly; SameSite=Lax
cache-control: max-age=3600
strict-transport-security: max-age=63113904
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
accept-ranges: bytes
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 563f8654fed0c83f-AMS

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ 25 KB
10 KB 29ms
28ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN9a198e584a4641e5a638d027ddddb3cf.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

cafe /

Resource Hash

b1e43308ad37fba80d03dac9a497a96febac77a457711dab836dcf12efb80cef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 12 Feb 2020 15:16:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 9855
x-xss-protection: 0
server: cafe
etag: 7067135177091508594
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 12 Feb 2020 15:16:37 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/858415995/ 2 KB
1 KB 116ms
115ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/858415995/?random=1581520597297&cv=9&fst=1581520597297&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&tiba=Threat%20Spotlight%3A%20Sodinokibi%20Ransomware&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1c3e7c0bd654be20bec593920192cf6c1570283ef241278cddb7311f6bd92045

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: no-cache
date: Wed, 12 Feb 2020 15:16:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1026
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/858415995/ 42 B
110 B 22ms
22ms Image
image/gif 2a00:1450:4001:820::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/858415995/?random=1581520597297&cv=9&fst=1581519600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&tiba=Threat%20Spotlight%3A%20Sodinokibi%20Ransomware&fmt=3&is_vtc=1&random=2582372385&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Wed, 12 Feb 2020 15:16:37 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/858415995/ 42 B
110 B 21ms
20ms Image
image/gif 2a00:1450:4001:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/858415995/?random=1581520597297&cv=9&fst=1581519600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&tiba=Threat%20Spotlight%3A%20Sodinokibi%20Ransomware&fmt=3&is_vtc=1&random=2582372385&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Wed, 12 Feb 2020 15:16:37 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/exp/
Redirect Chain

https://s.adroll.com/j/exp/OU3SUNRJWBHPTCY5X23OHE/index.js
https://s.adroll.com/j/exp/index.js

28 B
747 B

22ms
22ms

Script
application/javascript

23.210.248.216
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/exp/index.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-216.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id: Y8nS1mIzhBe8JEQvENARcyn9JPX.scLz
Content-Encoding: gzip
x-amz-request-id: E1C9941DB941DD1E
x-amz-server-side-encryption: AES256
Access-Control-Max-Age: 600
Date: Wed, 12 Feb 2020 15:16:38 GMT
Connection: keep-alive
Content-Length: 48
x-amz-id-2: lqt/Q3YwSp0JZGFSkK+nCWTAycdLPcPppTHD0vKT62G9CJJy1uY9PFVXzze6e8zRgmHtjNxi+Co=
Last-Modified: Thu, 06 Feb 2020 23:04:12 GMT
Server: AmazonS3
ETag: "5816cced8568d223aa09d889f300692b"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

Date: Wed, 12 Feb 2020 15:16:38 GMT
Server: AkamaiGHost
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Location: https://s.adroll.com/j/exp/index.js
Access-Control-Allow-Credentials: false
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 0

GET
H/1.1 200
OK index.js Show response
s.adroll.com/j/pre/OU3SUNRJWBHPTCY5X23OHE/JFQUMKJ3NRFIFLRA5FOQKB/ 1 KB
1 KB 114ms
66ms Script
text/javascript 23.210.248.216
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/OU3SUNRJWBHPTCY5X23OHE/JFQUMKJ3NRFIFLRA5FOQKB/index.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-216.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: cbce85e96b7752208ce15a09ea4d5a58b792edc9e77f1c5ccf46c01935970f9d

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

x-amz-version-id: K8hOVwp.w1q.OPT8ru4a_UMRvLrKONzh
Content-Encoding: gzip
x-amz-request-id: F479E31D7D556147
x-amz-server-side-encryption: AES256
Access-Control-Max-Age: 600
Date: Wed, 12 Feb 2020 15:16:37 GMT
Connection: keep-alive
Content-Length: 635
x-amz-id-2: TzHZbSR02rIhAQaxTG4q2NL3Nq7aF6Mvz8ZNbFwuuLX8z0IKcLGeiw9XKvQinOAQW3ikLx6FWis=
Last-Modified: Tue, 11 Feb 2020 17:40:29 GMT
Server: AmazonS3
ETag: "3996d65282dd996ee0d7d4c90c139158"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2

200

/ Show response
d.adroll.com/consent/check/OU3SUNRJWBHPTCY5X23OHE/
Redirect Chain

https://d.adroll.mgr.consensu.org/consent/iabcheck/OU3SUNRJWBHPTCY5X23OHE?_s=9dd47665e9140f72804e2b43690a7536&_b=2
https://d.adroll.com/consent/check/OU3SUNRJWBHPTCY5X23OHE/?_s=9dd47665e9140f72804e2b43690a7536&_b=2

106 B
198 B

32ms
30ms

Script
application/javascript

52.214.49.237
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/OU3SUNRJWBHPTCY5X23OHE/?_s=9dd47665e9140f72804e2b43690a7536&_b=2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.214.49.237 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-214-49-237.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: d38821db570b42b1a3dfd69b69b2883d6a0e7fbc4c4021416670597e6af75bd3

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Wed, 12 Feb 2020 15:16:38 GMT
server: nginx/1.16.1
content-length: 106
content-type: application/javascript

Redirect headers

status: 302
date: Wed, 12 Feb 2020 15:16:37 GMT
server: nginx/1.16.1
content-length: 105
location: https://d.adroll.com/consent/check/OU3SUNRJWBHPTCY5X23OHE/?_s=9dd47665e9140f72804e2b43690a7536&_b=2

GET
H/1.1 200
OK consent.js Show response
s.adroll.com/j/ 243 KB
33 KB 43ms
43ms Script
application/javascript 23.210.248.216
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/consent.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-216.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: f82c9f099656346f543c66ba009bd5f18010c7b41ad43d47a7f762121ad4496d

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

x-amz-version-id: W7pJTDq0578OcjyRZxtRH_BjDuWCGgRc
Content-Encoding: gzip
x-amz-request-id: C5CB11FA2891D5FB
x-amz-server-side-encryption: AES256
Access-Control-Max-Age: 600
Date: Wed, 12 Feb 2020 15:16:38 GMT
Connection: keep-alive
Content-Length: 33195
x-amz-id-2: xvDuzhmafYXOulMfcltPByepfW69qHQWdG5Ym3MZlL+9sl8jZLq//WEZRkSp6xPBek9wYUVR3VI=
Last-Modified: Tue, 19 Nov 2019 20:42:26 GMT
Server: AmazonS3
ETag: "2f9f76c2d377be42af05cdf34c632618"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=300, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2 200 hod
d.adroll.com/consent/ 42 B
180 B 30ms
30ms Image
image/gif 52.214.49.237
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/consent/hod?_e=view_banner&_s=9dd47665e9140f72804e2b43690a7536&_b=2.1&_a=OU3SUNRJWBHPTCY5X23OHE
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.214.49.237 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-214-49-237.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

status: 200
date: Wed, 12 Feb 2020 15:16:38 GMT
cache-control: no-transform,public,max-age=300,s-maxage=900
server: nginx/1.16.1
content-length: 42
vary: Cookie
content-type: image/gif

Verdicts & Comments Add Verdict or Comment

178 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

22 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.demdex.net/	1970-01-19 11:37:52	Name: demdex Value: 08489483512835779871200170568978858490
.cylance.com/	1969-12-31 23:59:59	Name: s_tp Value: 38414
threatvector.cylance.com/	1970-01-19 07:18:41	Name: AWSELBCORS Value: 4D0BDD9F0A163D48ECFEF400CB706ACF82CD0195C8D5AF0B639C0FF52381F196F79B59DABDA65005DB13B5CC961C67EC4A82E113711D6D70A536F9B759B0F5D706ABCD580A
.cylance.com/	1969-12-31 23:59:59	Name: s_cc Value: true
.cylance.com/	1970-01-19 16:04:16	Name: s_vnum Value: 1613056596752%26vn%3D1
.cylance.com/	1970-01-19 07:18:42	Name: s_lv_s Value: First%20Visit
.cylance.com/	1970-01-20 09:35:28	Name: s_lv Value: 1581520596751
.cylance.com/	1970-01-19 16:04:16	Name: _biz_flagsA Value: %7B%22Version%22%3A1%2C%22Mkto%22%3A%221%22%2C%22Ecid%22%3A%22-1802054739%22%2C%22XDomain%22%3A%221%22%7D
.cylance.com/	1970-01-19 16:04:16	Name: _biz_pendingA Value: %5B%5D
.threatvector.cylance.com/	1970-01-19 07:20:06	Name: _gid Value: GA1.3.386823888.1581520596
.cylance.com/	1970-01-19 07:18:42	Name: _biz_sid Value: 775ad5
.cylance.com/	1970-01-20 00:51:18	Name: AMCV_2297E09A576BB9677F000101%40AdobeOrg Value: -715282455%7CMCIDTS%7C18305%7CMCMID%7C08228223195302083431154203858829322542%7CMCAAMLH-1582125396%7C6%7CMCAAMB-1582125396%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1581527796s%7CNONE%7CMCSYNCSOP%7C411-18312%7CvVersion%7C4.2.0
.cylance.com/	1969-12-31 23:59:59	Name: s_ppv Value: home%253Athreat-spotlight-sodinokibi-ransomware%2C3%2C3%2C1200
.cylance.com/	1969-12-31 23:59:59	Name: AMCVS_2297E09A576BB9677F000101%40AdobeOrg Value: 1
threatvector.cylance.com/	1970-01-19 07:18:41	Name: AWSELB Value: 4D0BDD9F0A163D48ECFEF400CB706ACF82CD0195C8D5AF0B639C0FF52381F196F79B59DABDA65005DB13B5CC961C67EC4A82E113711D6D70A536F9B759B0F5D706ABCD580A
.cylance.com/	1970-01-19 08:01:52	Name: s_nr Value: 1581520596753-New
.cylance.com/	1970-01-19 16:04:16	Name: _biz_uid Value: 225aefbd83a74699c50e8f110beeaf64
.cylance.com/	1970-01-20 00:49:52	Name: _mkto_trk Value: id:524-DOM-989&token:_mch-cylance.com-1581520596542-35228
.threatvector.cylance.com/	1970-01-19 07:18:40	Name: _gat_904909c8b4224b069399ead37fce794b Value: 1
.cylance.com/	1970-01-19 07:18:42	Name: s_invisit Value: true
.cylance.com/	1970-01-19 16:04:16	Name: _biz_nA Value: 3
.threatvector.cylance.com/	1970-01-20 00:49:52	Name: _ga Value: GA1.3.1945308204.1581520596

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html(Line 247) Message: cookie not is active
console-api	log	(Line 2) Message: add----roll1
console-api	log	(Line 2) Message: add----roll2
console-api	log	(Line 2) Message: add----roll2

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

524-dom-989.mktoresp.com
api.company-target.com
app-sj16.marketo.com
assets.adobedtm.com
bat.bing.com
cdn.bizible.com
cdn.rawgit.com
cm.everesttech.net
cylance.demdex.net
cylance.sc.omtrdc.net
d.adroll.com
d.adroll.mgr.consensu.org
dpm.demdex.net
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
match.prod.bidr.io
munchkin.marketo.net
px.ads.linkedin.com
s.adroll.com
s.ytimg.com
s7d2.scene7.com
segments.company-target.com
snap.licdn.com
stats.g.doubleclick.net
tag.demandbase.com
threatvector.cylance.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.linkedin.com
www.youtube.com
104.16.95.80
13.224.196.104
13.224.196.24
143.204.94.127
15.188.105.205
151.139.237.11
172.217.16.194
192.28.147.68
23.210.248.216
23.210.248.45
2620:1ec:c11::200
2a00:1450:4001:806::2002
2a00:1450:4001:809::200e
2a00:1450:4001:80b::200e
2a00:1450:4001:815::2003
2a00:1450:4001:81e::200a
2a00:1450:4001:820::2003
2a00:1450:4001:820::2004
2a00:1450:4001:821::200e
2a00:1450:400c:c00::9c
2a02:26f0:10c:387::9b6
2a02:26f0:10c:39e::25ea
2a05:f500:10:101::b93f:9101
2a05:f500:11:101::b93f:9005
34.208.39.20
52.214.49.237
52.49.193.31
52.50.184.22
54.154.151.160
66.117.28.86
93.184.220.178
95.101.176.176
03ecfe2cfe61788bd16b6ee3c7becef395744ebdf1f94643800b20b091772308
099bace63963205abb1875d577e797bdac573989ab27a75960eafe3ccd5fa27a
09bc1009eb3d9cbc800e4933a407c81b1920be72f28254baff513ee8f422f5b0
0e23b84d6736b1645a695282788cee2070cd3f5cd2c5c2e31ea0b44a942294c2
0e41a843709f19f5327078ad0e4fca7ff8485d280f2458c15b555957a0e646cd
1017b2b6551aca43896313770d3c3041d58cee227ce35861c60ef0a10dc38c64
18193705ab98d0aa0d38c44621932f9599495d8e708fc41afb7ef892ab0895ae
1a7103ddeebf3a313febafe1aba08a1cec143c98a7b6e51cacbf8893093efaa2
1c3e7c0bd654be20bec593920192cf6c1570283ef241278cddb7311f6bd92045
1cac386a226657759d39c04b26768f03915090f0f1a5b4e6ca815d7478228159
23724b86dbc7b32cc5d06808497eea737be1a796b2216500227d6eff4538a2f5
26ae4b0eb488fa35fca8b199e05b5b5236192cf04a2fa5a91ba6c5c4d5ffc06d
2afa0193eebc6dcba6256c02ba126cd809b278a8c271ba1344af1d54520fb173
2d9245daf2dcc8739b68091fc3afea1e48c3add85f07d57e551a2ab7a714853e
37d3a4e166c1ac159b88faf4c86c36f67289628a8d65fb57546126396508bbf7
397d07fbfb19b6ac538d7b8bcdf5ebf7be881c9f9ad3982278d9d4f3a02c160b
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
3f6a6acd91f9753a79f660d84d20e0417cf70ae34132eca9178a70fcca591fc2
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44df095afbcc3700bb27f3c430bce008b8074188be803787ce11b9b850ed6675
45e2f85e3aab6c36988703f5cc06444289bb795a25736b74975073c98de18498
51c2e8a79306c78c796b89cbb5c1be4b258089b09cde3664d29d6b2bbf6943ab
556587f74b398c7b89d23b15fd8e7c004b15a5985d4dbf8c93707b58d98d1023
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
57cd46adbabd6c40823602b4513aecbe89320a769572255272abe9f008de69fa
62d710d9bda1dbd522c180805ec2a66d82c84ec1093813ebf39d22f04b30d871
66de82969f617c85184ad351d55501233e538e7f54caa684368c8a155053874d
75795949ed66c0f8b5c0ef927cd3aff358f9aac175f6789fb6b15789127731a5
7848472b4e994bcd2cb522201f6c123b50c4b37e5aab979ac50db3244eb894d5
797d0764fad2aee0b1e16fbf116c50049da14b2a2dd1c3d73b3fd5d329f74145
79b0cb52be73304f5c5c3f9c52f5e6c69ecd59ffefc20318911b8a8e9460e16c
7b86ac9779af83777789a7fc81940793f77b5bd3ff3d36ac8e925fccf656247a
7fbbeba68616ec3cd21955086a765a1c74d81b3f2772babba4f8f9719adb2d5c
8235e55fa7f1c889f552c3d7415b6bfff016a82035dc5c77da7a1789a3de95e3
8658dcad983dacbb3bca7bc8217fd0b75f28df85bf9259bd0dccf69e58cb0ecd
87f55f0eb8ca3828f1f3c43da32e71933463b639ff59c86fab549600912ac687
89b531e78902333807b825faf77cd11cc927fe364ea2ba9307f65365f7e811f7
8f9713075b7edd29146b9f8472de0a9dea8c7f3dc2f41ff172f3e558536227c7
937fdd2761db8d890407be8c18e64a7f3c19ded89b4d67f5606e30a560bd63c5
93a431303f6163e1a1b17d0fe9ac4edb2b042333aec637187fa92f9ed1050ae8
96904bcac47ca5d98b664970580ea473e1e6a6b285c87e8cb3caa2f1928e7219
9913bba300e77cd7898ce5a11558bf789fd15cb686107a10a648109117816be1
9f089cd192baa80c12548b7332f45abfe5e40785eeaad1392b8afa587246af80
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a3f8be75fca2b55f10570fa548c0ba00c5fe41b3f9de013e32b8e382bcb25b92
adc2c8e679ffd8f0cbc9270749db4f687b9201280b2913c2817f230584ea4e1d
ae0d8091f974c66bea6d9f9aeba9feb785eb4e5a4e779060ec5f31b525f61f0f
af6f1a1d1ca5b44168e2d69e4e92daf576df150cc615c9e62adc6eb909a73114
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b03ad4b6a0291767c8c1d583c35abd8f780daad1d82abbc1b31c7fbcb0f0fb8d
b10bfe284fcea12155ae8def55a8ec14b8a804e198e06d985e6e8a1681851c63
b194fd385666036162259f55563a017e78753671e0fbd3be31a272dc2b869876
b1e43308ad37fba80d03dac9a497a96febac77a457711dab836dcf12efb80cef
be8cca389c01246f49f19f6ac92da85c6627a35fd93c9939bcfc31639bdcc1a1
c0aed91f1b10ec94f40fdf79c31d1f870fb4bf3eda63b61edb3bbaeff53a93e0
c3cd58449f660324b0e34882c7dd135323d6e69aa7b81451a8a97a2d79f317ee
c6e538e6a9213d8d6cb6a1f3b7c03e5a06d68ff25ec57e6eb5b4868289464de0
cbce85e96b7752208ce15a09ea4d5a58b792edc9e77f1c5ccf46c01935970f9d
ccea349d73237232bc08a12695a59a5f873dda2b2e404cb9c6f11d9dd5806c3e
ce11c18967ab30115878af2f6c6dc88fce05dbda48df9cea5a7abf9fb311ef5f
d14f3cdbdb9539b73d2dcf1562b9609fa42eaa483e088f4109ecd5accdea1f36
d38821db570b42b1a3dfd69b69b2883d6a0e7fbc4c4021416670597e6af75bd3
d4e42e78d5938248bc7eeac03bfacee8cd2a392daa3885637a7899ca4fb30e3c
d6165ece0cfe07d628d883f8315f46e22e692f4c01500f5ed0f0e90d94bd260f
dd06559f1c062e3293ce58a757bf53e462c7411925adff0745717e678c18b2e1
dd1dad45fd0dd168ad46427307aa8a206b857b783ca3afbcfe2bc8b8724acec0
e35896fcd15b2238b1b5e2d4fbbd2b287f57dbbded51ab1a2217c38ce6a51d2f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6cf48bc1bfd904673cda470939d69e4c555779587d2361e65d03869b26eeebf
e85d93603219c7af97e29b183b6f22d04991b9b01c4a79ae824e62ea7aa809b5
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
eb2deec7e5394e29e51ff83e920f1ce3c092ae5c63b711a4b755b9861a8bc6cd
ec7024e764e94caa58c7a18f4624dc84c9ee15537ff5418fd44e2f037f8abc30
edc7f6279b5780f89b0aff9b2d13afbd545386f670a311e06e36d776ad102a7f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f15d14a948d5d97372a945a80c61612fe768a1c1e19de1f9067c4cabff78becd
f17a340f0388383e8d2a70632006d51e5d0e95f60f1cca3f774bd78b5d3dcd07
f419df72131b2e7ec36c56950099c5c8f88e3e8ba7de2438b0484d0786e56200
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52
f6281f4fc0c8b4cd0ecb0cf382c080d9e5f01b58c816d5f071969f3734465fc6
f641976030ca6cfe00221906bb08f0536067a28075027a3186adb9a5af536558
f6e7e0830124ea580b3f0de0da80ba48a45d9df9d7c092af0f47c63ed0692578
f82c9f099656346f543c66ba009bd5f18010c7b41ad43d47a7f762121ad4496d
fe08d074a32f7c481cc425d22cdd787137feea90578e0b10556cebeefcfa3040
fe7b1fa106b52fd3b7a72421171503eee8ec0c911d495be3ce168f76ed7cc8b1
fe884e48d8d2602152678463aa5ac92bb7bd73b357851406aebcc046ab1d8b9f

threatvector.cylance.com Open in urlscan Pro 34.208.39.20 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

100 Requests

100 %HTTPS

44 %IPv6

28 Domains

33 Subdomains

28 IPs

8 Countries

1822 kBTransfer

3745 kBSize

22 Cookies

26 Outgoing links

Redirected requests

100 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

threatvector.cylance.com Open in urlscan Pro
34.208.39.20 Public Scan

Screenshot
Live screenshot

Full Image

100
Requests

100 %
HTTPS

44 %
IPv6

28
Domains

33
Subdomains

28
IPs

8
Countries

1822 kB
Transfer

3745 kB
Size

22
Cookies

100 HTTP transactions
0 data transactions